diff --git a/Makefile b/Makefile index 6012874e..153d8125 100644 --- a/Makefile +++ b/Makefile @@ -23,6 +23,7 @@ install: mkdir -p ${DESTDIR}/usr/share/${APP}/utils mkdir -p ${DESTDIR}/usr/share/${APP}/avatars mkdir -p ${DESTDIR}/etc/${APP} + rm -f ${DESTDIR}/${PREFIX}/bin/${APP}-* cp -r image_build/* ${DESTDIR}/etc/${APP} cp img/backgrounds/${APP}_*.png ${DESTDIR}${PREFIX}/share cp img/avatars/* ${DESTDIR}/usr/share/${APP}/avatars diff --git a/man/freedombone-image.1.gz b/man/freedombone-image.1.gz index ebaee074..5b33ddc4 100644 Binary files a/man/freedombone-image.1.gz and b/man/freedombone-image.1.gz differ diff --git a/src/cronic b/src/cronic index 2e8e9b27..385979f2 100755 --- a/src/cronic +++ b/src/cronic @@ -12,14 +12,14 @@ ERR=$TMP/cronic.err TRACE=$TMP/cronic.trace set +e -"$@" >$OUT 2>$TRACE +"$@" >"$OUT" 2>"$TRACE" RESULT=$? set -e PATTERN="^${PS4:0:1}\\+${PS4:1}" -if grep -aq "$PATTERN" $TRACE +if grep -aq "$PATTERN" "$TRACE" then - ! grep -av "$PATTERN" $TRACE > $ERR + ! grep -av "$PATTERN" "$TRACE" > "$ERR" else ERR=$TRACE fi @@ -33,7 +33,7 @@ if [ $RESULT -ne 0 ] echo echo "STANDARD OUTPUT:" cat "$OUT" - if [ $TRACE != $ERR ] + if [ "$TRACE" != "$ERR" ] then echo echo "TRACE-ERROR OUTPUT:" diff --git a/src/freedombone b/src/freedombone index 5e69cc2b..0549bcf4 100755 --- a/src/freedombone +++ b/src/freedombone 
@@ -42,61 +42,61 @@ fi source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars -UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* +UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*" for f in $UTILS_FILES do - source $f + source "$f" done -APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-* +APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*" for f in $APP_FILES do - source $f + source "$f" done -command_options=$1 +command_options="$1" -if [[ $command_options == "menuconfig-full" ]]; then +if [[ "$command_options" == "menuconfig-full" ]]; then MINIMAL_INSTALL="no" fi -if [[ $command_options == "menuconfig-onion" ]]; then +if [[ "$command_options" == "menuconfig-onion" ]]; then MINIMAL_INSTALL="yes" ONION_ONLY="yes" fi -if [[ $command_options == "menuconfig-gnusocial" ]]; then +if [[ "$command_options" == "menuconfig-gnusocial" ]]; then MINIMAL_INSTALL="yes" ONION_ONLY="no" SOCIALINSTANCE='gnusocial' fi -if [[ $command_options == "menuconfig-postactiv" ]]; then +if [[ "$command_options" == "menuconfig-postactiv" ]]; then MINIMAL_INSTALL="yes" ONION_ONLY="no" SOCIALINSTANCE='postactiv' fi -if [ ! $CONFIGURATION_FILE ]; then - CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg +if [ ! "$CONFIGURATION_FILE" ]; then + CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg" fi -if [ ! $COMPLETION_FILE ]; then - COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt +if [ ! 
"$COMPLETION_FILE" ]; then + COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt" fi # before the interactive config so that wifi adaptors may be detected setup_wifi_atheros -if [[ $command_options == "menuconfig"* ]]; then +if [[ "$command_options" == "menuconfig"* ]]; then if [[ "$2" == "--reset" ]]; then - if [ -f $CONFIGURATION_FILE ]; then - rm $CONFIGURATION_FILE + if [ -f "$CONFIGURATION_FILE" ]; then + rm "$CONFIGURATION_FILE" fi - if [ -f $COMPLETION_FILE ]; then - rm $COMPLETION_FILE + if [ -f "$COMPLETION_FILE" ]; then + rm "$COMPLETION_FILE" fi - if [ -f /usr/share/${PROJECT_NAME}/installed.txt ]; then - rm /usr/share/${PROJECT_NAME}/installed.txt + if [ -f "/usr/share/${PROJECT_NAME}/installed.txt" ]; then + rm "/usr/share/${PROJECT_NAME}/installed.txt" fi if [ -f /root/removed ]; then rm /root/removed @@ -104,20 +104,20 @@ if [[ $command_options == "menuconfig"* ]]; then fi # clear the interactive file which indicates configuration success - interactive_file=$HOME/.${PROJECT_NAME}-interactive - if [ -f $interactive_file ]; then - rm $interactive_file + interactive_file="$HOME/.${PROJECT_NAME}-interactive" + if [ -f "$interactive_file" ]; then + rm "$interactive_file" fi interactive_configuration # check that the interactive file was created - if [ ! -f $interactive_file ]; then + if [ ! -f "$interactive_file" ]; then exit 6393562 fi - rm $interactive_file + rm "$interactive_file" else - while [[ $# > 1 ]] + while [ $# -gt 1 ] do key="$1" @@ -169,12 +169,12 @@ else # Static IP address for the system --ip) shift - LOCAL_NETWORK_STATIC_IP_ADDRESS=$1 + LOCAL_NETWORK_STATIC_IP_ADDRESS="$1" ;; # IP address for the internet router --iprouter) shift - ROUTER_IP_ADDRESS=$1 + ROUTER_IP_ADDRESS="$1" ;; # ssh port --ssh) 
@@ -214,61 +214,61 @@ else # Mumble server password --vpass) shift - MUMBLE_SERVER_PASSWORD=$1 + MUMBLE_SERVER_PASSWORD="$1" ;; # Mumble server port --vport) shift - MUMBLE_PORT=$1 + MUMBLE_PORT="$1" ;; # DNS Nameserver 1 --ns1) shift - NAMESERVER1=$1 + NAMESERVER1="$1" ;; # DNS Nameserver 2 --ns2) shift - NAMESERVER2=$1 + NAMESERVER2="$1" ;; # DNS Nameserver 3 --ns3) shift - NAMESERVER3=$1 + NAMESERVER3="$1" ;; # DNS Nameserver 4 --ns4) shift - NAMESERVER4=$1 + NAMESERVER4="$1" ;; # DNS Nameserver 5 --ns5) shift - NAMESERVER5=$1 + NAMESERVER5="$1" ;; # DNS Nameserver 6 --ns6) shift - NAMESERVER6=$1 + NAMESERVER6="$1" ;; # Debian repository --repo) shift - DEBIAN_REPO=$1 + DEBIAN_REPO="$1" ;; # clear the config file --reset) - if [ -f $CONFIGURATION_FILE ]; then - rm $CONFIGURATION_FILE + if [ -f "$CONFIGURATION_FILE" ]; then + rm "$CONFIGURATION_FILE" fi - if [ -f $COMPLETION_FILE ]; then - rm $COMPLETION_FILE + if [ -f "$COMPLETION_FILE" ]; then + rm "$COMPLETION_FILE" fi ;; # minimal install --minimal) shift - MINIMAL_INSTALL=$1 + MINIMAL_INSTALL="$1" ;; *) # unknown option @@ -293,7 +293,7 @@ function parse_args { read_config_param 'DDNS_USERNAME' read_config_param 'DDNS_PASSWORD' - if [ ! -d /home/$MY_USERNAME ]; then + if [ ! -d "/home/$MY_USERNAME" ]; then echo $"There is no user '$MY_USERNAME' on the system. Use 'adduser $MY_USERNAME' to create the user." exit 1 fi @@ -304,7 +304,7 @@ function parse_args { exit 2 fi fi - if [ ! $MY_USERNAME ]; then + if [ ! "$MY_USERNAME" ]; then echo 'No username specified' show_help exit 3 
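Review bot: `--vpass` still takes the Mumble server password as a command-line argument (`MUMBLE_SERVER_PASSWORD="$1"`), which exposes it to other local users through the process list and leaves it in shell history. Quoting fixes the word splitting but not the exposure. Reading the secret from stdin or from a root-only file would keep it out of argv; the configuration file that `read_config_param` appears to read in the next hunk may already serve that purpose. The option parser starts and ends outside this hunk.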
@@ -312,11 +312,11 @@ function parse_args { if [[ $SYSTEM_TYPE != "mesh"* ]]; then if [[ "$DDNS_PROVIDER" != 'none' ]]; then if [[ $ONION_ONLY == "no" ]]; then - if [ ! $DDNS_USERNAME ]; then + if [ ! "$DDNS_USERNAME" ]; then echo $'Please provide the username for your dynamic DNS provider with the --ddnsuser option' exit 7823 fi - if [ ! $DDNS_PASSWORD ]; then + if [ ! "$DDNS_PASSWORD" ]; then echo $'Please provide the password for your dynamic DNS provider with the --ddnspass option' exit 6382 fi @@ -324,7 +324,7 @@ function parse_args { fi fi - if [ ! $SYSTEM_TYPE ]; then + if [ ! "$SYSTEM_TYPE" ]; then SYSTEM_TYPE=$'full' write_config_param "SYSTEM_TYPE" "$SYSTEM_TYPE" fi @@ -338,8 +338,7 @@ function parse_args { # run some initial tests clear -${PROJECT_NAME}-tests -if [ ! "$?" = "0" ]; then +if ! "${PROJECT_NAME}-tests"; then exit 768252 fi @@ -354,7 +353,7 @@ upgrade_installation_from_previous_versions setup_utils setup_email setup_web -setup_apps $command_options +setup_apps "$command_options" setup_final echo '' diff --git a/src/freedombone-addcert b/src/freedombone-addcert index 5b6ee2f9..ffcd9709 100755 --- a/src/freedombone-addcert +++ b/src/freedombone-addcert @@ -36,10 +36,10 @@ export TEXTDOMAINDIR="/usr/share/locale" CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt -UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* +UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*" for f in $UTILS_FILES do - source $f + source "$f" done # Don't pin certs by default @@ -85,7 +85,7 @@ function show_help { exit 0 } -while [[ $# > 1 ]] +while [ $# -gt 1 ] do key="$1" @@ -145,11 +145,11 @@ do ;; --dhkey) shift - DH_KEYLENGTH=${1} + DH_KEYLENGTH="${1}" ;; --pin) shift - PIN_CERTS=${1} + PIN_CERTS="${1}" ;; *) # unknown option 
@@ -158,8 +158,8 @@ do shift done -if [ ! $HOSTNAME ]; then - if [ ! $LETSENCRYPT_HOSTNAME ]; then +if [ ! "$HOSTNAME" ]; then + if [ ! "$LETSENCRYPT_HOSTNAME" ]; then echo $'No hostname specified' exit 5748 fi @@ -180,16 +180,16 @@ function remove_cert_letsencrypt { CERTFILE=$LETSENCRYPT_HOSTNAME # disable the site if needed - if [ -f /etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME} ]; then - if grep -q "443" /etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME}; then - nginx_dissite ${LETSENCRYPT_HOSTNAME} + if [ -f "/etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME}" ]; then + if grep -q "443" "/etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME}"; then + nginx_dissite "${LETSENCRYPT_HOSTNAME}" fi fi # remove the cert - rm -rf /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}* - rm -rf /etc/letsencrypt/archive/${LETSENCRYPT_HOSTNAME}* - rm /etc/letsencrypt/renewal/${LETSENCRYPT_HOSTNAME}.conf + rm -rf "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}*" + rm -rf "/etc/letsencrypt/archive/${LETSENCRYPT_HOSTNAME}*" + rm "/etc/letsencrypt/renewal/${LETSENCRYPT_HOSTNAME}.conf" # restart the web server systemctl restart nginx @@ -199,14 +199,14 @@ function add_cert_letsencrypt { CERTFILE=$LETSENCRYPT_HOSTNAME # obtain the email address for the admin user - if [ ! $MY_EMAIL_ADDRESS ]; then - if [ -f $CONFIGURATION_FILE ]; then + if [ ! "$MY_EMAIL_ADDRESS" ]; then + if [ -f "$CONFIGURATION_FILE" ]; then read_config_param MY_EMAIL_ADDRESS fi fi - if [ ! $MY_EMAIL_ADDRESS ]; then - if [ -f $COMPLETION_FILE ]; then - if grep -q "Admin user:" $COMPLETION_FILE; then + if [ ! "$MY_EMAIL_ADDRESS" ]; then + if [ -f "$COMPLETION_FILE" ]; then + if grep -q "Admin user:" "$COMPLETION_FILE"; then function_check get_completion_param ADMIN_USER=$(get_completion_param "Admin user") if [ ${#ADMIN_USER} -eq 0 ]; then 
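Review bot: In the `@@ -180,16` hunk (`remove_cert_letsencrypt`), the two `rm -rf` lines now have the trailing `*` inside the double quotes, so the glob is no longer expanded. `rm -rf` then succeeds silently on a literal path ending in `*`, and the `live/` and `archive/` entries, private keys included, stay on disk after a removal. Keep the wildcard outside the quotes and abort on an empty hostname so the pattern can never widen to the whole directory: `rm -rf "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME:?}"*`, and the same for `archive/`. The end of the function is outside the hunk.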
@@ -232,8 +232,7 @@ function add_cert_letsencrypt { chgrp -R root /etc/letsencrypt chmod -R 777 /etc/letsencrypt - certbot certonly -n --server $LETSENCRYPT_SERVER --standalone -d $LETSENCRYPT_HOSTNAME --renew-by-default --agree-tos --email $MY_EMAIL_ADDRESS - if [ ! "$?" = "0" ]; then + if ! certbot certonly -n --server "$LETSENCRYPT_SERVER" --standalone -d "$LETSENCRYPT_HOSTNAME" --renew-by-default --agree-tos --email "$MY_EMAIL_ADDRESS"; then echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME" echo $'Also see https://letsencrypt.status.io to check for any service outages' chgrp -R ssl-cert /etc/letsencrypt 
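Review bot: The context line `chmod -R 777 /etc/letsencrypt` directly above the rewritten `certbot` call makes the whole tree, account and private keys included, world-readable and world-writable while certbot runs. Any local user can read or replace key material in that window, and the failure branch visible here shows only `chgrp -R ssl-cert` before the hunk ends. If certbot runs as root, as the preceding `chgrp -R root` suggests, the 777 step is presumably unnecessary; dropping it, or restoring restrictive modes on every exit path, closes the window. The failure branch continues outside the hunk, so a restore may already exist there.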
@@ -245,42 +244,42 @@ function add_cert_letsencrypt { fi # replace some legacy filenames - if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt ]; then - mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem + if [ -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt" ]; then + mv "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" fi - if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt ]; then - mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem + if [ -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt" ]; then + mv "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" fi - sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME - sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME + sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" "/etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME" + sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" "/etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME" # link the private key - if [ -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ]; then - if [ ! -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old ]; then - mv /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old + if [ -f "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" ]; then + if [ ! 
-f "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old" ]; then + mv "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old" else - rm -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key + rm -f "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" fi fi - if [ -L /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ]; then - rm /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key + if [ -L "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" ]; then + rm "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" fi - ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/privkey.pem /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key + ln -s "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/privkey.pem" "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" # link the public key - if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ]; then - if [ ! -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old ]; then - mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old + if [ -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" ]; then + if [ ! 
-f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old" ]; then + mv "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old" else - rm -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem + rm -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" fi fi - if [ -L /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ]; then - rm /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem + if [ -L "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" ]; then + rm "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" fi - ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem + ln -s "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" - cp /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/mycerts/${LETSENCRYPT_HOSTNAME}.pem + cp "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem" "/etc/ssl/mycerts/${LETSENCRYPT_HOSTNAME}.pem" update_default_domain @@ -291,12 +290,11 @@ function add_cert_letsencrypt { chmod -R g=rX /etc/letsencrypt chown -R root:ssl-cert /etc/letsencrypt - nginx_ensite ${LETSENCRYPT_HOSTNAME} + nginx_ensite "${LETSENCRYPT_HOSTNAME}" systemctl start nginx - if [ $PIN_CERTS ]; then - ${PROJECT_NAME}-pin-cert $LETSENCRYPT_HOSTNAME - if [ ! "$?" = "0" ]; then + if [ "$PIN_CERTS" ]; then + if ! "${PROJECT_NAME}-pin-cert" "$LETSENCRYPT_HOSTNAME"; then echo $"Certificate for $LETSENCRYPT_HOSTNAME could not be pinned" exit 62878 fi 
@@ -304,21 +302,20 @@ function add_cert_letsencrypt { } function add_cert_selfsigned { - if [[ $ORGANISATION == "Freedombone-CA" ]]; then + if [[ "$ORGANISATION" == "Freedombone-CA" ]]; then CERTFILE="ca-$HOSTNAME" fi - openssl req -x509 ${EXTENSIONS} -nodes -days 3650 -sha256 \ + openssl req -x509 "${EXTENSIONS}" -nodes -days 3650 -sha256 \ -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \ - -newkey rsa:2048 -keyout /etc/ssl/private/${CERTFILE}.key \ - -out /etc/ssl/certs/${CERTFILE}.crt - chmod 400 /etc/ssl/private/${CERTFILE}.key - chmod 640 /etc/ssl/certs/${CERTFILE}.crt - cp /etc/ssl/certs/${CERTFILE}.crt /etc/ssl/mycerts + -newkey rsa:2048 -keyout "/etc/ssl/private/${CERTFILE}.key" \ + -out "/etc/ssl/certs/${CERTFILE}.crt" + chmod 400 "/etc/ssl/private/${CERTFILE}.key" + chmod 640 "/etc/ssl/certs/${CERTFILE}.crt" + cp "/etc/ssl/certs/${CERTFILE}.crt" "/etc/ssl/mycerts" - if [ $PIN_CERTS ]; then - ${PROJECT_NAME}-pin-cert $CERTFILE - if [ ! "$?" = "0" ]; then + if [ "$PIN_CERTS" ]; then + if ! "${PROJECT_NAME}-pin-cert" "$CERTFILE"; then echo $"Certificate for $CERTFILE could not be pinned" exit 62879 fi @@ -326,9 +323,9 @@ function add_cert_selfsigned { } function generate_dh_params { - if [ ! $NODH ]; then - if [ ! -f /etc/ssl/certs/${CERTFILE}.dhparam ]; then - ${PROJECT_NAME}-dhparam -h ${CERTFILE} --fast yes + if [ ! "$NODH" ]; then + if [ ! -f "/etc/ssl/certs/${CERTFILE}.dhparam" ]; then + "${PROJECT_NAME}-dhparam" -h "${CERTFILE}" --fast yes fi fi } @@ -346,12 +343,12 @@ function make_cert_bundle { } function create_cert { - if [ $remove_cert ]; then + if [ "$remove_cert" ]; then remove_cert_letsencrypt return fi - if [ $LETSENCRYPT_HOSTNAME ]; then + if [ "$LETSENCRYPT_HOSTNAME" ]; then add_cert_letsencrypt else add_cert_selfsigned diff --git a/src/freedombone-addemail b/src/freedombone-addemail index e5ee8080..bf2926a2 100755 --- a/src/freedombone-addemail +++ b/src/freedombone-addemail 
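Review bot: Quoting `"${EXTENSIONS}"` in the `openssl req` call of `add_cert_selfsigned` changes the argument list. An empty value now reaches openssl as an empty-string argument, and a value holding an option plus its operand arrives as a single word. `EXTENSIONS` is assigned outside this hunk, so its contents are an assumption, but either case would presumably make self-signed certificate creation fail. Holding the options in an array and expanding `"${EXTENSIONS[@]}"` keeps the quoting while passing zero or more words; until the assignment is converted, the unquoted form with a `# shellcheck disable=SC2086` comment preserves the previous behaviour.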
@@ -47,54 +47,54 @@ function show_help { exit 0 } -while [[ $# > 1 ]] +while [ $# -gt 1 ] do key="$1" case $key in - -h|--help) - show_help - ;; - -u|--user) - shift - MYUSERNAME="$1" - ;; - -e|--email) - shift - EMAILADDRESS="$1" - ;; - -s|--subject) - shift - SUBJECT_TEXT="$1" - ;; - -g|--group) - shift - GROUP_NAME="$1" - ;; - -p|--public) - shift - PUBLIC="$1" - ;; - *) - # unknown option - ;; + -h|--help) + show_help + ;; + -u|--user) + shift + MYUSERNAME="$1" + ;; + -e|--email) + shift + EMAILADDRESS="$1" + ;; + -s|--subject) + shift + SUBJECT_TEXT="$1" + ;; + -g|--group) + shift + GROUP_NAME="$1" + ;; + -p|--public) + shift + PUBLIC="$1" + ;; + *) + # unknown option + ;; esac shift done -if ! [[ $MYUSERNAME && $GROUP_NAME ]]; then +if ! [[ "$MYUSERNAME" && "$GROUP_NAME" ]]; then show_help fi -if [ ${#EMAILADDRESS} -lt 2 ]; then +if [ "${#EMAILADDRESS}" -lt 2 ]; then if [ ${#SUBJECT_TEXT} -lt 2 ]; then - show_help + show_help fi fi -MUTTRC=/home/$MYUSERNAME/.muttrc -PM=/home/$MYUSERNAME/.procmailrc -LISTDIR=/home/$MYUSERNAME/Maildir/$GROUP_NAME +MUTTRC="/home/$MYUSERNAME/.muttrc" +PM="/home/$MYUSERNAME/.procmailrc" +LISTDIR="/home/$MYUSERNAME/Maildir/$GROUP_NAME" proc_rule=" * ^From:.*$EMAILADDRESS" proc_comment="# Email rule for $EMAILADDRESS -> $GROUP_NAME" 
@@ -104,54 +104,53 @@ if [ ${#SUBJECT_TEXT} -gt 0 ]; then fi if [ ! -d "$LISTDIR" ]; then - mkdir -m 700 $LISTDIR - mkdir -m 700 $LISTDIR/tmp - mkdir -m 700 $LISTDIR/new - mkdir -m 700 $LISTDIR/cur + mkdir -m 700 "$LISTDIR" + mkdir -m 700 "$LISTDIR/tmp" + mkdir -m 700 "$LISTDIR/new" + mkdir -m 700 "$LISTDIR/cur" fi -chown -R $MYUSERNAME:$MYUSERNAME $LISTDIR -if ! grep -q "$proc_comment" $PM; then +chown -R "$MYUSERNAME":"$MYUSERNAME" "$LISTDIR" +if ! grep -q "$proc_comment" "$PM"; then if [[ $PUBLIC != "yes" ]]; then - # private emails go after the encryption stage - echo '' >> $PM - echo "$proc_comment" >> $PM - echo ":0" >> $PM - echo "$proc_rule" >> $PM - echo "$LISTDIR/new" >> $PM - echo "# End of rule" >> $PM + # private emails go after the encryption stage + { echo ''; + echo "$proc_comment"; + echo ":0"; + echo "$proc_rule"; + echo "$LISTDIR/new"; + echo "# End of rule"; } >> "$PM" else - # public emails are copied before the encryption stage - if ! grep -q '# encrypt' $PM; then - echo '' >> $PM - echo "$proc_comment" >> $PM - echo ":0" >> $PM - echo "$proc_rule" >> $PM - echo "$LISTDIR/new" >> $PM - echo "# End of rule" >> $PM - else - filter=$(echo "$proc_comment\n:0\n${proc_rule}\n$LISTDIR/new\n# End of rule\n") - sed -i "/# encrypt/i ${filter}" $PM + # public emails are copied before the encryption stage + if ! grep -q '# encrypt' "$PM"; then + { echo ''; + echo "$proc_comment"; + echo ":0"; + echo "$proc_rule"; + echo "$LISTDIR/new"; + echo "# End of rule"; } >> "$PM" + else + sed -i "/# encrypt/i $proc_comment\\n:0\\n${proc_rule}\\n$LISTDIR/new\\n# End of rule\\n" "$PM" + fi fi - fi - chown $MYUSERNAME:$MYUSERNAME $PM + chown "$MYUSERNAME":"$MYUSERNAME" "$PM" fi if [ ! -f "$MUTTRC" ]; then - cp /etc/Muttrc $MUTTRC - chown $MYUSERNAME:$MYUSERNAME $MUTTRC + cp /etc/Muttrc "$MUTTRC" + chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC" fi PROCMAILLOG=/home/$MYUSERNAME/log -if [ ! 
-d $PROCMAILLOG ]; then - mkdir $PROCMAILLOG - chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG +if [ ! -d "$PROCMAILLOG" ]; then + mkdir "$PROCMAILLOG" + chown -R "$MYUSERNAME":"$MYUSERNAME" "$PROCMAILLOG" fi -MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC) -if [[ $MUTT_MAILBOXES != *$GROUP_NAME* ]]; then - if ! grep -q "=$GROUP_NAME" $MUTTRC; then - sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$GROUP_NAME|g" $MUTTRC - chown $MYUSERNAME:$MYUSERNAME $MUTTRC +MUTT_MAILBOXES=$(grep "mailboxes =" "$MUTTRC") +if [[ "$MUTT_MAILBOXES" != *$GROUP_NAME* ]]; then + if ! grep -q "=$GROUP_NAME" "$MUTTRC"; then + sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$GROUP_NAME|g" "$MUTTRC" + chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC" fi fi diff --git a/src/freedombone-addlist b/src/freedombone-addlist index 9bbecd30..d76d4cd0 100755 --- a/src/freedombone-addlist +++ b/src/freedombone-addlist 
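Review bot: `$EMAILADDRESS`, `$GROUP_NAME` and `$LISTDIR` are still interpolated without validation into the `sed -i "/# encrypt/i …"` script, the `s|$MUTT_MAILBOXES|…|g` substitution and the procmail recipe appended to `$PM`. A value containing `|`, a backslash or a newline alters the sed program or the recipe, a `GROUP_NAME` containing `../` moves `LISTDIR` outside `Maildir` before the recursive `chown`, and an empty `MUTT_MAILBOXES` (no `mailboxes =` line in `$MUTTRC`) hands sed an empty pattern. Since the script runs with enough privilege to `chown` under `/home`, add a guard before first use, for example `[[ "$GROUP_NAME" =~ ^[A-Za-z0-9_-][A-Za-z0-9._-]*$ ]] || exit 1`, with an equivalent check on the address and a test that `MUTT_MAILBOXES` is non-empty before the substitution.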
@@ -47,124 +47,119 @@ function show_help { exit 0 } -while [[ $# > 1 ]] +while [ $# -gt 1 ] do key="$1" case $key in - -h|--help) - show_help - ;; - -u|--user) - shift - MYUSERNAME="$1" - ;; - -l|--list) - shift - MAILINGLIST="$1" - ;; - -s|--subject) - shift - SUBJECTTAG="$1" - ;; - -e|--email) - shift - LIST_ADDRESS="$1" - ;; - -p|--public) - shift - PUBLIC="$1" - ;; - *) - # unknown option - ;; + -h|--help) + show_help + ;; + -u|--user) + shift + MYUSERNAME="$1" + ;; + -l|--list) + shift + MAILINGLIST="$1" + ;; + -s|--subject) + shift + SUBJECTTAG="$1" + ;; + -e|--email) + shift + LIST_ADDRESS="$1" + ;; + -p|--public) + shift + PUBLIC="$1" + ;; + *) + # unknown option + ;; esac shift done -if [ ! $MYUSERNAME ]; then +if [ ! "$MYUSERNAME" ]; then show_help fi -if [[ ! $MAILINGLIST && ! $SUBJECTTAG ]]; then +if [[ ! "$MAILINGLIST" && ! "$SUBJECTTAG" ]]; then show_help fi -MUTTRC=/home/$MYUSERNAME/.muttrc -PM=/home/$MYUSERNAME/.procmailrc -LISTDIR=/home/$MYUSERNAME/Maildir/$MAILINGLIST +MUTTRC="/home/$MYUSERNAME/.muttrc" +PM="/home/$MYUSERNAME/.procmailrc" +LISTDIR="/home/$MYUSERNAME/Maildir/$MAILINGLIST" -if grep -q "=$MAILINGLIST" $MUTTRC; then +if grep -q "=$MAILINGLIST" "$MUTTRC"; then echo $"Mailing list $MAILINGLIST was already added" fi if [ ! -d "$LISTDIR" ]; then - mkdir -m 700 $LISTDIR - mkdir -m 700 $LISTDIR/tmp - mkdir -m 700 $LISTDIR/new - mkdir -m 700 $LISTDIR/cur + mkdir -m 700 "$LISTDIR" + mkdir -m 700 "$LISTDIR/tmp" + mkdir -m 700 "$LISTDIR/new" + mkdir -m 700 "$LISTDIR/cur" fi -chown -R $MYUSERNAME:$MYUSERNAME $LISTDIR +chown -R "$MYUSERNAME":"$MYUSERNAME" "$LISTDIR" if [ ${#SUBJECTTAG} -gt 0 ]; then # use the subject tag - if ! 
grep -q "Subject:.*()\[$SUBJECTTAG\]" $PM; then - if [[ $PUBLIC != "yes" ]]; then - # private emails go after the encryption stage - filter=" -# Email rule for $MAILINGLIST subject [$SUBJECTTAG] -:0 - * ^Subject:.*()\[$SUBJECTTAG\] -$LISTDIR/new -# End of rule -" - echo "$filter" >> $PM - else - # public emails are copied before hte encryption stage - if ! grep -q '# encrypt' $PM; then - filter=" -# Email rule for $MAILINGLIST subject [$SUBJECTTAG] -:0 - * ^Subject:.*()\[$SUBJECTTAG\] -$LISTDIR/new -# End of rule -" - echo "$filter" >> $PM + if ! grep -q "Subject:.*()\\[$SUBJECTTAG\\]" "$PM"; then + if [[ $PUBLIC != "yes" ]]; then + # private emails go after the encryption stage + { echo "# Email rule for $MAILINGLIST subject [$SUBJECTTAG]"; + echo ":0"; + echo " * ^Subject:.*()\\[$SUBJECTTAG\\]"; + echo "$LISTDIR/new"; + echo "# End of rule"; + echo ""; } >> "$PM" else - filter=$(echo "# Email rule for $MAILINGLIST subject [$SUBJECTTAG]\n:0\n * ^Subject:.*()\\\[$SUBJECTTAG\\\]\n$LISTDIR/new\n# End of rule\n") - sed -i "/# encrypt/i ${filter}" $PM + # public emails are copied before hte encryption stage + if ! grep -q '# encrypt' "$PM"; then + { echo "# Email rule for $MAILINGLIST subject [$SUBJECTTAG]"; + echo ":0"; + echo " * ^Subject:.*()\\[$SUBJECTTAG\\]"; + echo "$LISTDIR/new"; + echo "# End of rule"; + echo ""; } >> "$PM" + else + sed -i "/# encrypt/i # Email rule for $MAILINGLIST subject [$SUBJECTTAG]\\n:0\\n * ^Subject:.*()\\\\[$SUBJECTTAG\\\\]\\n$LISTDIR/new\\n# End of rule\\n" "$PM" + fi fi - fi - chown $MYUSERNAME:$MYUSERNAME $PM + chown "$MYUSERNAME":"$MYUSERNAME" "$PM" fi else - exit $(${PROJECT_NAME}-addemail -u $MYUSERNAME -e $LIST_ADDRESS -g $MAILINGLIST --public $PUBLIC) + exit "$("${PROJECT_NAME}-addemail" -u "$MYUSERNAME" -e "$LIST_ADDRESS" -g "$MAILINGLIST" --public "$PUBLIC")" fi if [ ! 
-f "$MUTTRC" ]; then - cp /etc/Muttrc $MUTTRC - chown $MYUSERNAME:$MYUSERNAME $MUTTRC + cp /etc/Muttrc "$MUTTRC" + chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC" fi -PROCMAILLOG=/home/$MYUSERNAME/log -if [ ! -d $PROCMAILLOG ]; then - mkdir $PROCMAILLOG - chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG +PROCMAILLOG="/home/$MYUSERNAME/log" +if [ ! -d "$PROCMAILLOG" ]; then + mkdir "$PROCMAILLOG" + chown -R "$MYUSERNAME":"$MYUSERNAME" "$PROCMAILLOG" fi -MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC) -if [[ $MUTT_MAILBOXES != *$MAILINGLIST* ]]; then - if ! grep -q "=$MAILINGLIST" $MUTTRC; then - sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$MAILINGLIST|g" $MUTTRC - chown $MYUSERNAME:$MYUSERNAME $MUTTRC +MUTT_MAILBOXES=$(grep "mailboxes =" "$MUTTRC") +if [[ "$MUTT_MAILBOXES" != *$MAILINGLIST* ]]; then + if ! grep -q "=$MAILINGLIST" "$MUTTRC"; then + sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$MAILINGLIST|g" "$MUTTRC" + chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC" fi fi -if [ $LIST_ADDRESS ]; then - sed -i "s|unsubscribe $LIST_ADDRESS|subscribe $LIST_ADDRESS|g" $MUTTRC - if ! grep -q "subscribe $LIST_ADDRESS" $MUTTRC; then - echo "subscribe $LIST_ADDRESS" >> $MUTTRC +if [ "$LIST_ADDRESS" ]; then + sed -i "s|unsubscribe $LIST_ADDRESS|subscribe $LIST_ADDRESS|g" "$MUTTRC" + if ! grep -q "subscribe $LIST_ADDRESS" "$MUTTRC"; then + echo "subscribe $LIST_ADDRESS" >> "$MUTTRC" fi fi diff --git a/src/freedombone-addremove b/src/freedombone-addremove index 2c8f8c5f..219d45d8 100755 --- a/src/freedombone-addremove +++ b/src/freedombone-addremove 
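Review bot: `exit "$("${PROJECT_NAME}-addemail" …)"` in the `else` branch hands the helper's standard output to `exit`, not its exit status. With the new quotes an empty output becomes `exit ""`, which bash rejects with "numeric argument required" and a non-zero status. Before the quoting an empty substitution simply vanished, so a call that prints nothing presumably exited with the last command status instead of an error. Run the helper directly and propagate its status: `"${PROJECT_NAME}-addemail" -u "$MYUSERNAME" -e "$LIST_ADDRESS" -g "$MAILINGLIST" --public "$PUBLIC"` followed by `exit $?`.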
@@ -34,27 +34,27 @@ export TEXTDOMAIN=${PROJECT_NAME}-addremove export TEXTDOMAINDIR="/usr/share/locale" PROJECT_INSTALL_DIR=/usr/local/bin -if [ -f /usr/bin/${PROJECT_NAME} ]; then +if [ -f "/usr/bin/${PROJECT_NAME}" ]; then PROJECT_INSTALL_DIR=/usr/bin fi -COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt -CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg +COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt" +CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg" # Start including files -source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars +source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars" -UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* +UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*" for f in $UTILS_FILES do - source $f + source "$f" done -APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-* +APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*" for f in $APP_FILES do - source $f + source "$f" done # End including files @@ -67,17 +67,17 @@ function mark_unselected_apps_as_removed { return fi - if [ -f $REMOVED_APPS_FILE ]; then - rm $REMOVED_APPS_FILE + if [ -f "$REMOVED_APPS_FILE" ]; then + rm "$REMOVED_APPS_FILE" fi app_index=0 for app_name in "${APPS_AVAILABLE[@]}" do if [[ ${APPS_CHOSEN[$app_index]} == "0" ]]; then - echo "_${app_name}_" >> $REMOVED_APPS_FILE + echo "_${app_name}_" >> "$REMOVED_APPS_FILE" fi - app_index=$[app_index+1] + app_index=$((app_index+1)) done } @@ -93,7 +93,7 @@ function app_expected_to_be_installed { echo "0" return fi - if ! grep -q "IN_DEFAULT_INSTALL=1" /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}; then + if ! grep -q "IN_DEFAULT_INSTALL=1" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}"; then echo "0" return fi @@ -102,7 +102,7 @@ function app_expected_to_be_installed { } function show_apps { - select_all_apps=$1 + select_all_apps="$1" applist="" n=1 app_index=0 
@@ -117,19 +117,20 @@ function show_apps { applist="$applist $n $a on" fi fi - n=$[n+1] - app_index=$[app_index+1] + n=$((n+1)) + app_index=$((app_index+1)) done choices=$(dialog --stdout --backtitle $"Freedombone" \ --title $"Add/Remove Applications" \ --checklist $'Choose:' \ - 27 40 20 $applist) + 27 40 20 "$applist") + # shellcheck disable=SC2181 if [ $? -eq 0 ]; then for choice in $choices do - app_index=$[choice-1] + app_index=$((choice-1)) APPS_CHOSEN[$app_index]="1" done else @@ -151,10 +152,10 @@ function remove_apps_selected { else removals="${APPS_AVAILABLE[$app_index]}" fi - n=$[n+1] + n=$((n+1)) fi fi - app_index=$[app_index+1] + app_index=$((app_index+1)) done # if no apps to be removed then don't do anything @@ -166,7 +167,7 @@ function remove_apps_selected { dialog --title $"Remove applications" \ --backtitle $"Freedombone" \ --defaultno \ - --yesno $"\nYou have chosen to remove $n apps.\n\n $removals\n\nIf you choose 'yes' then this will remove both the applications and their data/messages. If you don't have a backup then you will not be able to recover the data for these applications.\n\nAre you sure that you wish to continue?" 15 60 + --yesno $"\\nYou have chosen to remove $n apps.\\n\\n $removals\\n\\nIf you choose 'yes' then this will remove both the applications and their data/messages. If you don't have a backup then you will not be able to recover the data for these applications.\\n\\nAre you sure that you wish to continue?" 15 60 sel=$? case $sel in 1) return;; @@ -195,10 +196,10 @@ function install_apps_selected { else installs="${APPS_AVAILABLE[$app_index]}" fi - n=$[n+1] + n=$((n+1)) fi fi - app_index=$[app_index+1] + app_index=$((app_index+1)) done # if no apps to be installed then don't do anything 
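Review bot: Quoting `"$applist"` in the `dialog --checklist` call of `show_apps` collapses every tag/item/status triple into one argument, because `applist` is built as a single space-separated string (`applist="$applist $n $a on"`). dialog then receives one word where it expects groups of three, so the checklist presumably fails and the `$? -eq 0` branch is never taken. Convert the list to an array: `applist=()` at the top, `applist+=("$n" "$a" on)` in the loop and `"${applist[@]}"` in the call. Until then, the unquoted expansion with a `# shellcheck disable=SC2086` comment keeps the menu working. The loop that fills `applist` starts in the previous hunk.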
@@ -212,13 +213,13 @@ function install_apps_selected { dialog --title $"$installs" \ --backtitle $"Freedombone" \ --defaultno \ - --yesno $"\nThis will install the $installs app\n\nProceed?" 9 40 + --yesno $"\\nThis will install the $installs app\\n\\nProceed?" 9 40 else - dialog_height=$((15 + $n)) + dialog_height=$((15 + "$n")) dialog --title $"Add applications" \ --backtitle $"Freedombone" \ --defaultno \ - --yesno $"\nYou have chosen to install $n apps\n\n $installs\n\nProceed?" $dialog_height 60 + --yesno $"\\nYou have chosen to install $n apps\\n\\n $installs\\n\\nProceed?" $dialog_height 60 fi sel=$? case $sel in @@ -232,14 +233,13 @@ function install_apps_selected { # install the apps read_configuration install_apps interactive - if [ ! $APP_INSTALLED_SUCCESS ]; then + if [ ! "$APP_INSTALLED_SUCCESS" ]; then echo $'One or more apps failed to install' fi } if [[ $1 == "test"* ]]; then - ${PROJECT_NAME}-tests - if [ ! "$?" = "0" ]; then + if ! ${PROJECT_NAME}-tests; then exit 2 fi fi @@ -251,8 +251,8 @@ if [[ ${#APPS_AVAILABLE[@]} == 0 ]]; then exit 1 fi -show_apps $1 -mark_unselected_apps_as_removed $1 +show_apps "$1" +mark_unselected_apps_as_removed "$1" clear diff --git a/src/freedombone-adduser b/src/freedombone-adduser index 9271fca4..9dfb9178 100755 --- a/src/freedombone-adduser +++ b/src/freedombone-adduser @@ -34,18 +34,18 @@ PROJECT_NAME='freedombone' export TEXTDOMAIN=${PROJECT_NAME}-adduser export TEXTDOMAINDIR="/usr/share/locale" -CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg +CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg" -UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* +UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*" for f in $UTILS_FILES do - source $f + source "$f" done -APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-* +APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*" for f in $APP_FILES do - source $f + source "$f" done ADD_USERNAME=$1 
@@ -55,35 +55,35 @@ SSH_PORT=2222 COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt DEFAULT_DOMAIN_NAME= -if [ ! $ADD_USERNAME ]; then +if [ ! "$ADD_USERNAME" ]; then echo $'No username was given' exit 1 fi -if [ -d /home/$ADD_USERNAME ]; then +if [ -d "/home/$ADD_USERNAME" ]; then echo $"The user $ADD_USERNAME already exists" exit 2 fi -if [ ! -f $COMPLETION_FILE ]; then +if [ ! -f "$COMPLETION_FILE" ]; then echo $"$COMPLETION_FILE not found" - userdel -r $ADD_USERNAME + userdel -r "$ADD_USERNAME" exit 3 fi # Minimum number of characters in a password -MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}') +MINIMUM_PASSWORD_LENGTH=$(grep 'MINIMUM_PASSWORD_LENGTH=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords" | head -n 1 | awk -F '=' '{print $2}') -NEW_USER_PASSWORD="$(openssl rand -base64 30 | cut -c1-${MINIMUM_PASSWORD_LENGTH})" +NEW_USER_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")" chmod 600 /etc/shadow chmod 600 /etc/gshadow -useradd -m -p "$NEW_USER_PASSWORD" -s /bin/bash $ADD_USERNAME -adduser $ADD_USERNAME sasl -groupadd $ADD_USERNAME +useradd -m -p "$NEW_USER_PASSWORD" -s /bin/bash "$ADD_USERNAME" +adduser "$ADD_USERNAME" sasl +groupadd "$ADD_USERNAME" chmod 0000 /etc/shadow chmod 0000 /etc/gshadow -if [ ! -d /home/$ADD_USERNAME ]; then +if [ ! -d "/home/$ADD_USERNAME" ]; then echo $'Home directory was not created' exit 4 fi 
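Review bot: The `[ ! -f "$COMPLETION_FILE" ]` branch runs `userdel -r "$ADD_USERNAME"` before this script has created anything, and the only earlier check is that `/home/$ADD_USERNAME` does not exist. A pre-existing account whose home lies elsewhere, such as a system or service account, would therefore be removed together with its home directory. Drop the `userdel` from that branch and reject names that already resolve, for example `if id -u "$ADD_USERNAME" >/dev/null 2>&1; then exit 2; fi`. Separately, `useradd -p` expects an already hashed password, so the generated plaintext is written into the shadow file verbatim and shows up in the process arguments; creating the account without `-p` and setting the password over stdin with `chpasswd` avoids both.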
@@ -91,15 +91,15 @@ fi if [ "$SSH_PUBLIC_KEY" ]; then if [ ${#SSH_PUBLIC_KEY} -gt 5 ]; then if [ -f "$SSH_PUBLIC_KEY" ]; then - mkdir /home/$ADD_USERNAME/.ssh - cp $SSH_PUBLIC_KEY /home/$ADD_USERNAME/.ssh/authorized_keys - chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.ssh + mkdir "/home/$ADD_USERNAME/.ssh" + cp "$SSH_PUBLIC_KEY" "/home/$ADD_USERNAME/.ssh/authorized_keys" + chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.ssh" echo $'ssh public key installed' else if [[ "$SSH_PUBLIC_KEY" == "ssh-"* ]]; then - mkdir /home/$ADD_USERNAME/.ssh - echo "$SSH_PUBLIC_KEY" > /home/$ADD_USERNAME/.ssh/authorized_keys - chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.ssh + mkdir "/home/$ADD_USERNAME/.ssh" + echo "$SSH_PUBLIC_KEY" > "/home/$ADD_USERNAME/.ssh/authorized_keys" + chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.ssh" echo $'ssh public key installed' else echo $'The second parameter does not look like an ssh key' 
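Review bot: Neither branch sets permissions on the new `.ssh` directory or on `authorized_keys`, so both inherit whatever umask the script runs under; sshd with its default StrictModes ignores keys in a group- or world-writable path. Adding `chmod 700 "/home/$ADD_USERNAME/.ssh"` and `chmod 600 "/home/$ADD_USERNAME/.ssh/authorized_keys"` after each `chown -R` makes the result independent of the caller's umask. `cp -- "$SSH_PUBLIC_KEY" "/home/$ADD_USERNAME/.ssh/authorized_keys"` would also stop a path starting with `-` from being read as an option. The enclosing `if` block closes outside the hunk.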
@@ -109,55 +109,54 @@ if [ "$SSH_PUBLIC_KEY" ]; then fi fi -if [ -d /home/$ADD_USERNAME/Maildir ]; then - if grep -q "set from=" /home/$ADD_USERNAME/.muttrc; then - sed -i "s|set from=.*|set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'|g" /home/$ADD_USERNAME/.muttrc +if [ -d "/home/$ADD_USERNAME/Maildir" ]; then + if grep -q "set from=" "/home/$ADD_USERNAME/.muttrc"; then + sed -i "s|set from=.*|set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'|g" "/home/$ADD_USERNAME/.muttrc" else - echo "set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'" >> /home/$ADD_USERNAME/.muttrc + echo "set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'" >> "/home/$ADD_USERNAME/.muttrc" fi - USERN='$USER@' - sed -i "s|$USERN|$ADD_USERNAME@|g" /home/$ADD_USERNAME/.procmailrc + sed -i "s|\$USER@|$ADD_USERNAME@|g" "/home/$ADD_USERNAME/.procmailrc" fi # generate a gpg key echo "Making a GPG key for $ADD_USERNAME@$HOSTNAME" -mkdir /home/$ADD_USERNAME/.gnupg -echo "keyserver $GPG_KEYSERVER" >> /home/$ADD_USERNAME/.gnupg/gpg.conf -echo 'keyserver-options auto-key-retrieve' >> /home/$ADD_USERNAME/.gnupg/gpg.conf -echo '' >> /home/$ADD_USERNAME/.gnupg/gpg.conf -echo '# default preferences' >> /home/$ADD_USERNAME/.gnupg/gpg.conf -echo 'personal-digest-preferences SHA256' >> /home/$ADD_USERNAME/.gnupg/gpg.conf -echo 'cert-digest-algo SHA256' >> /home/$ADD_USERNAME/.gnupg/gpg.conf -echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> /home/$ADD_USERNAME/.gnupg/gpg.conf +mkdir "/home/$ADD_USERNAME/.gnupg" +{ echo "keyserver $GPG_KEYSERVER"; + echo 'keyserver-options auto-key-retrieve'; + echo ''; + echo '# default preferences'; + echo 'personal-digest-preferences SHA256'; + echo 'cert-digest-algo SHA256'; + echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed'; } >> "/home/$ADD_USERNAME/.gnupg/gpg.conf" -chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.gnupg -chmod 700 
/home/$ADD_USERNAME/.gnupg -chmod 600 /home/$ADD_USERNAME/.gnupg/* +chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.gnupg" +chmod 700 "/home/$ADD_USERNAME/.gnupg" +chmod 600 "/home/$ADD_USERNAME/.gnupg/*" # Generate a GPG key -echo 'Key-Type: eddsa' > /home/$ADD_USERNAME/gpg-genkey.conf -echo 'Key-Curve: Ed25519' >> /home/$ADD_USERNAME/gpg-genkey.conf -echo 'Subkey-Type: eddsa' >> /home/$ADD_USERNAME/gpg-genkey.conf -echo "Name-Real: $ADD_USERNAME" >> /home/$ADD_USERNAME/gpg-genkey.conf -echo "Name-Email: $ADD_USERNAME@$HOSTNAME" >> /home/$ADD_USERNAME/gpg-genkey.conf -echo 'Expire-Date: 0' >> /home/$ADD_USERNAME/gpg-genkey.conf -echo "Passphrase: $NEW_USER_PASSWORD" >> /home/$ADD_USERNAME/gpg-genkey.conf -chown $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/gpg-genkey.conf -su -m root -c "gpg --homedir /home/$ADD_USERNAME/.gnupg --batch --full-gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - $ADD_USERNAME -chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.gnupg -shred -zu /home/$ADD_USERNAME/gpg-genkey.conf +{ echo 'Key-Type: eddsa'; + echo 'Key-Curve: Ed25519'; + echo 'Subkey-Type: eddsa'; + echo "Name-Real: $ADD_USERNAME"; + echo "Name-Email: $ADD_USERNAME@$HOSTNAME"; + echo 'Expire-Date: 0'; + echo "Passphrase: $NEW_USER_PASSWORD"; } > "/home/$ADD_USERNAME/gpg-genkey.conf" +chown "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/gpg-genkey.conf" +su -m root -c "gpg --homedir /home/$ADD_USERNAME/.gnupg --batch --full-gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - "$ADD_USERNAME" +chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.gnupg" +shred -zu "/home/$ADD_USERNAME/gpg-genkey.conf" MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADD_USERNAME" "$ADD_USERNAME@$HOSTNAME") -MY_GPG_PUBLIC_KEY=/home/$ADD_USERNAME/public_key.gpg -su -m root -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $ADD_USERNAME +MY_GPG_PUBLIC_KEY="/home/$ADD_USERNAME/public_key.gpg" +su -m root -c "gpg --output 
$MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - "$ADD_USERNAME" -if [ ! -f $MY_GPG_PUBLIC_KEY ]; then +if [ ! -f "$MY_GPG_PUBLIC_KEY" ]; then echo "GPG public key was not generated for $ADD_USERNAME@$HOSTNAME $MY_GPG_PUBLIC_KEY_ID" - userdel -r $ADD_USERNAME + userdel -r "$ADD_USERNAME" exit 7 fi -gpg_agent_setup $ADD_USERNAME +gpg_agent_setup "$ADD_USERNAME" # add a monkeysphere subkey #echo $'Adding monkeysphere subkey' 
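Review bot: Quoting the whole path in `chmod 600 "/home/$ADD_USERNAME/.gnupg/*"` turns the `*` into a literal file name, so the call fails and `gpg.conf` keeps its default mode; the glob has to stay outside the quotes, `chmod 600 "/home/$ADD_USERNAME/.gnupg/"*`. In the key-generation step, `gpg-genkey.conf` receives the `Passphrase:` line while it still has umask-default permissions. Writing it under `umask 077` (in a subshell around the `{ …; } >` group) closes that window before `shred` removes the file.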
@@ -173,82 +172,82 @@ gpg_agent_setup $ADD_USERNAME #echo $'Updating monkeysphere users' #monkeysphere-authentication update-users -if [ -f /home/$ADD_USERNAME/.muttrc ]; then +if [ -f "/home/$ADD_USERNAME/.muttrc" ]; then # encrypt outgoing mail to the "sent" folder - if ! grep -q "pgp_encrypt_only_command" /home/$ADD_USERNAME/.muttrc; then - echo '' >> /home/$ADD_USERNAME/.muttrc - echo $'# Encrypt items in the Sent folder' >> /home/$ADD_USERNAME/.muttrc - echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc + if ! grep -q "pgp_encrypt_only_command" "/home/$ADD_USERNAME/.muttrc"; then + { echo ''; + echo $'# Encrypt items in the Sent folder'; + echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\""; } >> "/home/$ADD_USERNAME/.muttrc" else - sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc + sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" "/home/$ADD_USERNAME/.muttrc" fi - if ! grep -q "pgp_encrypt_sign_command" /home/$ADD_USERNAME/.muttrc; then - echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc + if ! 
grep -q "pgp_encrypt_sign_command" "/home/$ADD_USERNAME/.muttrc"; then + echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> "/home/$ADD_USERNAME/.muttrc" else - sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc + sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" "/home/$ADD_USERNAME/.muttrc" fi fi -if ! grep -q "Change your GPG password" /home/$ADD_USERNAME/README; then - echo '' >> /home/$ADD_USERNAME/README - echo '' >> /home/$ADD_USERNAME/README - echo $'# Change your GPG password' >> /home/$ADD_USERNAME/README - echo $"It's very important to add a password to your GPG key so that" >> /home/$ADD_USERNAME/README - echo $"if anyone does get access to your email they still won't be able" >> /home/$ADD_USERNAME/README - echo $'to read them without knowning the GPG password.' >> /home/$ADD_USERNAME/README - echo $'You can change the it with:' >> /home/$ADD_USERNAME/README - echo '' >> /home/$ADD_USERNAME/README - echo " gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$ADD_USERNAME/README - echo ' passwd' >> /home/$ADD_USERNAME/README - echo ' save' >> /home/$ADD_USERNAME/README - echo ' quit' >> /home/$ADD_USERNAME/README +if ! 
grep -q "Change your GPG password" "/home/$ADD_USERNAME/README"; then + { echo ''; + echo ''; + echo $'# Change your GPG password'; + echo $"It's very important to add a password to your GPG key so that"; + echo $"if anyone does get access to your email they still won't be able"; + echo $'to read them without knowning the GPG password.'; + echo $'You can change the it with:'; + echo ''; + echo " gpg --edit-key $MY_GPG_PUBLIC_KEY_ID"; + echo ' passwd'; + echo ' save'; + echo ' quit'; } >> "/home/$ADD_USERNAME/README" fi -chown $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/README -chown $ADD_USERNAME:$ADD_USERNAME $MY_GPG_PUBLIC_KEY -chmod 600 /home/$ADD_USERNAME/README +chown "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/README" +chown "$ADD_USERNAME":"$ADD_USERNAME" "$MY_GPG_PUBLIC_KEY" +chmod 600 "/home/$ADD_USERNAME/README" echo $'Detecting installed apps...' detect_apps get_apps_installed_names for app_name in "${APPS_INSTALLED_NAMES[@]}" do - if [[ $(function_exists add_user_${app_name}) == "1" ]]; then + if [[ $(function_exists "add_user_${app_name}") == "1" ]]; then echo $"Adding user to ${app_name}" - app_load_variables ${app_name} - retval=$(add_user_${app_name} "$ADD_USERNAME" "$NEW_USER_PASSWORD" | tail -n 1) + app_load_variables "${app_name}" + retval=$("add_user_${app_name}" "$ADD_USERNAME" "$NEW_USER_PASSWORD" | tail -n 1) if [[ $retval != '0' ]]; then echo $"Failed with error code ${retval}" - ${PROJECT_NAME}-rmuser $ADD_USERNAME --force + "${PROJECT_NAME}-rmuser" "$ADD_USERNAME" --force exit 672392 fi - if ! grep -q "${app_name}_${ADD_USERNAME}" $APP_USERS_FILE; then - echo "${app_name}_${ADD_USERNAME}" >> $APP_USERS_FILE + if ! grep -q "${app_name}_${ADD_USERNAME}" "$APP_USERS_FILE"; then + echo "${app_name}_${ADD_USERNAME}" >> "$APP_USERS_FILE" fi fi done if [ -f /etc/nginx/.htpasswd ]; then if ! 
grep -q "${ADD_USERNAME}:" /etc/nginx/.htpasswd; then - echo "$NEW_USER_PASSWORD" | htpasswd -i -s /etc/nginx/.htpasswd $ADD_USERNAME + echo "$NEW_USER_PASSWORD" | htpasswd -i -s /etc/nginx/.htpasswd "$ADD_USERNAME" fi fi # add user menu on ssh login -if ! grep -q 'controluser' /home/$ADD_USERNAME/.bashrc; then - echo 'controluser' >> /home/$ADD_USERNAME/.bashrc +if ! grep -q 'controluser' "/home/$ADD_USERNAME/.bashrc"; then + echo 'controluser' >> "/home/$ADD_USERNAME/.bashrc" fi # fix some gpg strangeness when searching for keys -printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /home/$ADD_USERNAME/.gnupg/S.dirmngr -if [ -d /home/$ADD_USERNAME/.gnupg/crls.d ]; then - chmod +x /home/$ADD_USERNAME/.gnupg/crls.d +printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > "/home/$ADD_USERNAME/.gnupg/S.dirmngr" +if [ -d "/home/$ADD_USERNAME/.gnupg/crls.d" ]; then + chmod +x "/home/$ADD_USERNAME/.gnupg/crls.d" fi -${PROJECT_NAME}-pass -u $ADD_USERNAME -a login -p "$NEW_USER_PASSWORD" +"${PROJECT_NAME}-pass" -u "$ADD_USERNAME" -a login -p "$NEW_USER_PASSWORD" -gpg_agent_enable $ADD_USERNAME +gpg_agent_enable "$ADD_USERNAME" clear diff --git a/src/freedombone-app-akaunting b/src/freedombone-app-akaunting index 82fbc44d..6887c7a4 100755 --- a/src/freedombone-app-akaunting +++ b/src/freedombone-app-akaunting @@ -49,12 +49,12 @@ akaunting_variables=(ONION_ONLY MY_USERNAME) function akaunting_remove_bad_links { - cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs + cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 365873658 # copy jquery locally jquery_version='1.12.4' if [ ! -f jquery-${jquery_version}.js ]; then - cd /var/www/$GHOST_DOMAIN_NAME/htdocs + cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 3276324 wget https://code.jquery.com/jquery-${jquery_version}.js jquery_hash=$(sha256sum jquery-${jquery_version}.js | awk -F ' ' '{print $1}') if [[ "$jquery_hash" != '430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575' ]]; then 
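Review bot: The existence checks `grep -q "${app_name}_${ADD_USERNAME}" "$APP_USERS_FILE"` and `grep -q "${ADD_USERNAME}:" /etc/nginx/.htpasswd` match substrings and treat the user name as a regular expression, so adding `bob` when `jimbob` is already present skips the `htpasswd` entry. A whole-line fixed-string match, `grep -qxF -- "${app_name}_${ADD_USERNAME}" "$APP_USERS_FILE"`, and an anchored one for the password file, `grep -q "^${ADD_USERNAME}:" /etc/nginx/.htpasswd`, avoid that. `ADD_USERNAME` comes straight from `$1` and is not validated in the lines shown; a check such as `[[ "$ADD_USERNAME" =~ ^[a-z_][a-z0-9_-]*$ ]]` near the top of the script would cover these call sites and the many paths built from it.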
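Review bot: The second `cd` in akaunting_remove_bad_links goes to `/var/www/$GHOST_DOMAIN_NAME/htdocs`, which looks like a copy from the Ghost app; with the added `|| exit 3276324` an install without Ghost now aborts here, where the failed `cd` was presumably ignored before and `wget` ran in the Akaunting directory. Since the first `cd` already enters the Akaunting htdocs, the line can be dropped or changed to `cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 1`. Exit statuses are truncated to 8 bits, so `365873658` and `3276324` here, and `367835`, `23458735`, `23468724527` and `34783524` in the later akaunting hunks, reach the caller as unrelated small numbers; codes in the range 1–255 stay distinguishable. The function body continues outside the hunk.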
@@ -74,7 +74,7 @@ function akaunting_remove_bad_links { sed -i '/googleapi/d' vendor/almasaeed2010/adminlte/dist/css/alt/AdminLTE-without-plugins.min.css sed -i "s|ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js|$AKAUNTING_DOMAIN_NAME/jquery-${jquery_version}.js|g" vendor/almasaeed2010/adminlte/plugins/ckeditor/samples/old/jquery.html - chown -R www-data:www-data /var/www/$AKAUNTING_DOMAIN_NAME/htdocs + chown -R www-data:www-data "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" } function logging_on_akaunting { 
@@ -88,65 +88,66 @@ function logging_off_akaunting { function remove_user_akaunting { remove_username="$1" - ${PROJECT_NAME}-pass -u $remove_username --rmapp akaunting + "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp akaunting } function add_user_akaunting { new_username="$1" new_user_password="$2" - ${PROJECT_NAME}-pass -u $new_username -a akaunting -p "$new_user_password" + "${PROJECT_NAME}-pass" -u "$new_username" -a akaunting -p "$new_user_password" echo '0' } function install_interactive_akaunting { - if [ ! $ONION_ONLY ]; then + if [ ! "$ONION_ONLY" ]; then ONION_ONLY='no' fi - if [[ $ONION_ONLY != "no" ]]; then + if [[ "$ONION_ONLY" != "no" ]]; then AKAUNTING_DOMAIN_NAME='akaunting.local' else AKAUNTING_DETAILS_COMPLETE= while [ ! $AKAUNTING_DETAILS_COMPLETE ] do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then dialog --backtitle $"Freedombone Configuration" \ --title $"Akaunting Configuration" \ - --form $"\nPlease enter your Akaunting details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \ + --form $"\\nPlease enter your Akaunting details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \ $"Domain:" 1 1 "$(grep 'AKAUNTING_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \ $"Code:" 2 1 "$(grep 'AKAUNTING_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \ - 2> $data + 2> "$data" else dialog --backtitle $"Freedombone Configuration" \ --title $"Akaunting Configuration" \ - --form $"\nPlease enter your Akaunting details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \ + --form $"\\nPlease enter your Akaunting details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \ $"Domain:" 1 1 "$(grep 'AKAUNTING_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \ - 
2> $data + 2> "$data" fi sel=$? case $sel in - 1) exit 1;; - 255) exit 1;; + 1) rm -f "$data" + exit 1;; + 255) rm -f "$data" + exit 1;; esac - AKAUNTING_DOMAIN_NAME=$(cat $data | sed -n 1p) - if [ $AKAUNTING_DOMAIN_NAME ]; then + AKAUNTING_DOMAIN_NAME=$(sed -n 1p < "$data") + if [ "$AKAUNTING_DOMAIN_NAME" ]; then if [[ $AKAUNTING_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then AKAUNTING_DOMAIN_NAME="" fi TEST_DOMAIN_NAME=$AKAUNTING_DOMAIN_NAME validate_domain_name - if [[ $TEST_DOMAIN_NAME != $AKAUNTING_DOMAIN_NAME ]]; then + if [[ "$TEST_DOMAIN_NAME" != "$AKAUNTING_DOMAIN_NAME" ]]; then AKAUNTING_DOMAIN_NAME= dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50 else if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then - AKAUNTING_CODE=$(cat $data | sed -n 2p) + AKAUNTING_CODE=$(sed -n 2p < "$data") validate_freedns_code "$AKAUNTING_CODE" - if [ ! $VALID_CODE ]; then + if [ ! "$VALID_CODE" ]; then AKAUNTING_DOMAIN_NAME= fi fi @@ -155,6 +156,7 @@ function install_interactive_akaunting { if [ $AKAUNTING_DOMAIN_NAME ]; then AKAUNTING_DETAILS_COMPLETE="yes" fi + rm -f "$data" done write_config_param "AKAUNTING_CODE" "$AKAUNTING_CODE" 
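Review bot: The `trap "rm -f $data" …` line was removed and a `mktemp` failure is still hidden by `2>/dev/null`, so an interrupted dialog leaves the temp file behind and an empty `$data` makes the `2> "$data"` redirections fail. `data=$(mktemp) || exit 1` followed by `trap 'rm -f -- "$data"' EXIT` (if no other EXIT trap is in use) keeps the cleanup on every exit path, including the `exit 1` arms that now remove the file by hand. `while [ ! $AKAUNTING_DETAILS_COMPLETE ]` is still unquoted, unlike the tests around it. install_interactive_akaunting ends outside the hunk.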
@@ -169,23 +171,23 @@ function change_password_akaunting { read_config_param 'AKAUNTING_DOMAIN_NAME' - ${PROJECT_NAME}-pass -u "$curr_username" -a akaunting -p "$new_user_password" + "${PROJECT_NAME}-pass" -u "$curr_username" -a akaunting -p "$new_user_password" } function akaunting_create_database { - if [ -f $IMAGE_PASSWORD_FILE ]; then - AKAUNTING_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + if [ -f "$IMAGE_PASSWORD_FILE" ]; then + AKAUNTING_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")" else - if [ ! $AKAUNTING_ADMIN_PASSWORD ]; then - AKAUNTING_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + if [ ! "$AKAUNTING_ADMIN_PASSWORD" ]; then + AKAUNTING_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")" fi fi - if [ ! $AKAUNTING_ADMIN_PASSWORD ]; then + if [ ! "$AKAUNTING_ADMIN_PASSWORD" ]; then return fi function_check create_database - create_database akaunting "$AKAUNTING_ADMIN_PASSWORD" $MY_USERNAME + create_database akaunting "$AKAUNTING_ADMIN_PASSWORD" "$MY_USERNAME" } function reconfigure_akaunting { 
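Review bot: With the format string fixed to `"%s"`, the `printf` wrapper in `AKAUNTING_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"` no longer does anything, and `AKAUNTING_ADMIN_PASSWORD="$(cat "$IMAGE_PASSWORD_FILE")"` is equivalent. The old form used the file content as the format, so a password containing `%` or a backslash is now read differently than before, which deserves a line in the commit message. The bare `return` when no password is available leaves akaunting_create_database reporting success without creating the database. `return 1` with a message on stderr would let callers notice.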
@@ -198,70 +200,69 @@ function upgrade_akaunting { return fi - if grep -q "akaunting domain" $COMPLETION_FILE; then + if grep -q "akaunting domain" "$COMPLETION_FILE"; then AKAUNTING_DOMAIN_NAME=$(get_completion_param "akaunting domain") fi # update to the next commit function_check set_repo_commit - set_repo_commit /var/www/$AKAUNTING_DOMAIN_NAME/htdocs "akaunting commit" "$AKAUNTING_COMMIT" $AKAUNTING_REPO + set_repo_commit "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" "akaunting commit" "$AKAUNTING_COMMIT" "$AKAUNTING_REPO" - cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs + cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 367835 install_composer akaunting_remove_bad_links - chown -R www-data:www-data /var/www/${AKAUNTING_DOMAIN_NAME}/htdocs + chown -R www-data:www-data "/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs" } function backup_local_akaunting { - akaunting_path=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs - if [ -d $akaunting_path ]; then - suspend_site ${AKAUNTING_DOMAIN_NAME} + akaunting_path="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs" + if [ -d "$akaunting_path" ]; then + suspend_site "${AKAUNTING_DOMAIN_NAME}" function_check backup_database_to_usb backup_database_to_usb akaunting - backup_directory_to_usb $akaunting_path akaunting + backup_directory_to_usb "$akaunting_path" akaunting restart_site fi } function restore_local_akaunting { temp_restore_dir=/root/tempakaunting - akaunting_dir=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs + akaunting_dir="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs" - suspend_site ${AKAUNTING_DOMAIN_NAME} + suspend_site "${AKAUNTING_DOMAIN_NAME}" function_check akaunting_create_database akaunting_create_database - restore_database akaunting ${AKAUNTING_DOMAIN_NAME} - chown www-data:www-data $akaunting_dir + restore_database akaunting "${AKAUNTING_DOMAIN_NAME}" + chown www-data:www-data "$akaunting_dir" restart_site } function backup_remote_akaunting { - akaunting_path=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs - if [ -d $akaunting_path ]; then - 
suspend_site ${AKAUNTING_DOMAIN_NAME} + akaunting_path="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs" + if [ -d "$akaunting_path" ]; then + suspend_site "${AKAUNTING_DOMAIN_NAME}" function_check backup_database_to_friend backup_database_to_friend akaunting - backup_directory_to_friend $akaunting_path akaunting + backup_directory_to_friend "$akaunting_path" akaunting restart_site fi } function restore_remote_akaunting { - temp_restore_dir=/root/tempakaunting - akaunting_dir=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs + akaunting_dir="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs" - suspend_site ${AKAUNTING_DOMAIN_NAME} + suspend_site "${AKAUNTING_DOMAIN_NAME}" function_check akaunting_create_database akaunting_create_database - restore_database_from_friend akaunting ${AKAUNTING_DOMAIN_NAME} - chown www-data:www-data $akaunting_dir + restore_database_from_friend akaunting "${AKAUNTING_DOMAIN_NAME}" + chown www-data:www-data "$akaunting_dir" restart_site } 
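Review bot: `temp_restore_dir=/root/tempakaunting` was dropped from restore_remote_akaunting but is still assigned in restore_local_akaunting, where nothing in the lines shown reads it; remove it there too, or add a comment saying why it stays. The path variables set in these functions (`akaunting_path`, `akaunting_dir`) are globals because none is declared `local`. Since the app files are sourced together, `local akaunting_dir="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"` would stop them leaking between apps. upgrade_akaunting starts outside the hunk.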
@@ -274,28 +275,28 @@ function remove_akaunting { read_config_param "AKAUNTING_DOMAIN_NAME" read_config_param "MY_USERNAME" echo "Removing $AKAUNTING_DOMAIN_NAME" - nginx_dissite $AKAUNTING_DOMAIN_NAME - remove_certs $AKAUNTING_DOMAIN_NAME + nginx_dissite "$AKAUNTING_DOMAIN_NAME" + remove_certs "$AKAUNTING_DOMAIN_NAME" - if [ -d /var/www/$AKAUNTING_DOMAIN_NAME ]; then - rm -rf /var/www/$AKAUNTING_DOMAIN_NAME + if [ -d "/var/www/$AKAUNTING_DOMAIN_NAME" ]; then + rm -rf "/var/www/$AKAUNTING_DOMAIN_NAME" fi - if [ -f /etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME ]; then - rm /etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME + if [ -f "/etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME" ]; then + rm "/etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME" fi function_check drop_database drop_database akaunting function_check remove_onion_service - remove_onion_service akaunting ${AKAUNTING_ONION_PORT} + remove_onion_service akaunting "${AKAUNTING_ONION_PORT}" if grep -q "akaunting" /etc/crontab; then sed -i "/akaunting/d" /etc/crontab fi remove_app akaunting remove_completion_param install_akaunting - sed -i '/akaunting/d' $COMPLETION_FILE + sed -i '/akaunting/d' "$COMPLETION_FILE" function_check remove_ddns_domain - remove_ddns_domain $AKAUNTING_DOMAIN_NAME + remove_ddns_domain "$AKAUNTING_DOMAIN_NAME" } function install_akaunting { @@ -303,7 +304,7 @@ function install_akaunting { ONION_ONLY='no' fi - if [ ! $AKAUNTING_DOMAIN_NAME ]; then + if [ ! "$AKAUNTING_DOMAIN_NAME" ]; then echo $'No domain name was given for akaunting' exit 89353 fi 
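Review bot: If `AKAUNTING_DOMAIN_NAME` is empty after `read_config_param`, the guard `[ -d "/var/www/$AKAUNTING_DOMAIN_NAME" ]` is true for `/var/www/` itself and `rm -rf "/var/www/$AKAUNTING_DOMAIN_NAME"` removes every site. Quoting does not help with that. An explicit check before the destructive steps does, e.g. `[ "$AKAUNTING_DOMAIN_NAME" ] || return 1`, or `rm -rf "/var/www/${AKAUNTING_DOMAIN_NAME:?}"`. remove_akaunting starts outside the hunk.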
@@ -317,142 +318,142 @@ function install_akaunting { apt-get -yq install php-gettext php-curl php-gd php-mysql git curl apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl - if [ ! -d /var/www/$AKAUNTING_DOMAIN_NAME ]; then - mkdir /var/www/$AKAUNTING_DOMAIN_NAME + if [ ! -d "/var/www/$AKAUNTING_DOMAIN_NAME" ]; then + mkdir "/var/www/$AKAUNTING_DOMAIN_NAME" fi - if [ ! -d /var/www/$AKAUNTING_DOMAIN_NAME/htdocs ]; then + if [ ! -d "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" ]; then if [ -d /repos/akaunting ]; then - mkdir /var/www/$AKAUNTING_DOMAIN_NAME/htdocs - cp -r -p /repos/akaunting/. /var/www/$AKAUNTING_DOMAIN_NAME/htdocs - cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs + mkdir "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" + cp -r -p /repos/akaunting/. "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" + cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 23458735 git pull else function_check git_clone - git_clone $AKAUNTING_REPO /var/www/$AKAUNTING_DOMAIN_NAME/htdocs + git_clone "$AKAUNTING_REPO" "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" fi - if [ ! -d /var/www/$AKAUNTING_DOMAIN_NAME/htdocs ]; then + if [ ! 
-d "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" ]; then echo $'Unable to clone akaunting repo' exit 2589389 fi fi - cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs - git checkout $AKAUNTING_COMMIT -b $AKAUNTING_COMMIT + cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 23468724527 + git checkout "$AKAUNTING_COMMIT" -b "$AKAUNTING_COMMIT" set_completion_param "akaunting commit" "$AKAUNTING_COMMIT" - chmod g+w /var/www/$AKAUNTING_DOMAIN_NAME/htdocs - chown -R www-data:www-data /var/www/$AKAUNTING_DOMAIN_NAME/htdocs + chmod g+w "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" + chown -R www-data:www-data "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" - cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs + cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 34783524 install_composer function_check akaunting_create_database akaunting_create_database function_check add_ddns_domain - add_ddns_domain $AKAUNTING_DOMAIN_NAME + add_ddns_domain "$AKAUNTING_DOMAIN_NAME" AKAUNTING_ONION_HOSTNAME=$(add_onion_service akaunting 80 ${AKAUNTING_ONION_PORT}) akaunting_nginx_site=/etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME if [[ $ONION_ONLY == "no" ]]; then function_check nginx_http_redirect - nginx_http_redirect $AKAUNTING_DOMAIN_NAME "index index.php" - echo 'server {' >> $akaunting_nginx_site - echo ' listen 443 ssl;' >> $akaunting_nginx_site - echo ' #listen [::]:443 ssl;' >> $akaunting_nginx_site - echo " server_name $AKAUNTING_DOMAIN_NAME;" >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site + nginx_http_redirect "$AKAUNTING_DOMAIN_NAME" "index index.php" + { echo 'server {'; + echo ' listen 443 ssl;'; + echo ' #listen [::]:443 ssl;'; + echo " server_name $AKAUNTING_DOMAIN_NAME;"; + echo ''; } >> "$akaunting_nginx_site" function_check nginx_compress - nginx_compress $AKAUNTING_DOMAIN_NAME - echo '' >> $akaunting_nginx_site - echo ' # Security' >> $akaunting_nginx_site + nginx_compress "$AKAUNTING_DOMAIN_NAME" + echo '' >> "$akaunting_nginx_site" + echo ' # Security' >> "$akaunting_nginx_site" 
function_check nginx_ssl - nginx_ssl $AKAUNTING_DOMAIN_NAME + nginx_ssl "$AKAUNTING_DOMAIN_NAME" function_check nginx_disable_sniffing - nginx_disable_sniffing $AKAUNTING_DOMAIN_NAME + nginx_disable_sniffing "$AKAUNTING_DOMAIN_NAME" - echo ' add_header Strict-Transport-Security max-age=15768000;' >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site - echo ' access_log /dev/null;' >> $akaunting_nginx_site - echo ' error_log /dev/null;' >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site - echo " root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;" >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site - echo ' index index.php;' >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site - echo ' location ~ \.php {' >> $akaunting_nginx_site - echo ' include snippets/fastcgi-php.conf;' >> $akaunting_nginx_site - echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $akaunting_nginx_site - echo ' fastcgi_read_timeout 30;' >> $akaunting_nginx_site - echo ' }' >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site - echo ' location / {' >> $akaunting_nginx_site + { echo ' add_header Strict-Transport-Security max-age=15768000;'; + echo ''; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo " root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;"; + echo ''; + echo ' index index.php;'; + echo ''; + echo ' location ~ \.php {'; + echo ' include snippets/fastcgi-php.conf;'; + echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; + echo ' fastcgi_read_timeout 30;'; + echo ' }'; + echo ''; + echo ' location / {'; } >> "$akaunting_nginx_site" function_check nginx_limits - nginx_limits $AKAUNTING_DOMAIN_NAME '15m' - echo ' try_files $uri $uri/ @akaunting;' >> $akaunting_nginx_site - echo ' }' >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site - echo ' location @akaunting {' >> $akaunting_nginx_site - echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $akaunting_nginx_site - echo ' }' >> $akaunting_nginx_site - echo '' >> 
$akaunting_nginx_site - echo ' location ~ /\.(ht|git) {' >> $akaunting_nginx_site - echo ' deny all;' >> $akaunting_nginx_site - echo ' }' >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site - echo '}' >> $akaunting_nginx_site + nginx_limits "$AKAUNTING_DOMAIN_NAME" '15m' + { echo " try_files \$uri \$uri/ @akaunting;"; + echo ' }'; + echo ''; + echo ' location @akaunting {'; + echo " rewrite ^(.*)\$ /index.php?p=\$1 last;"; + echo ' }'; + echo ''; + echo ' location ~ /\.(ht|git) {'; + echo ' deny all;'; + echo ' }'; + echo ''; + echo '}'; } >> "$akaunting_nginx_site" else - echo -n '' > $akaunting_nginx_site + echo -n '' > "$akaunting_nginx_site" fi - echo 'server {' >> $akaunting_nginx_site - echo " listen 127.0.0.1:$AKAUNTING_ONION_PORT default_server;" >> $akaunting_nginx_site - echo " server_name $AKAUNTING_ONION_HOSTNAME;" >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site - function_check nginx_compress - nginx_compress $AKAUNTING_DOMAIN_NAME - echo '' >> $akaunting_nginx_site + { echo 'server {'; + echo " listen 127.0.0.1:$AKAUNTING_ONION_PORT default_server;"; + echo " server_name $AKAUNTING_ONION_HOSTNAME;"; + echo ''; } >> "$akaunting_nginx_site" + function_check nginx_compress + nginx_compress "$AKAUNTING_DOMAIN_NAME" + echo '' >> "$akaunting_nginx_site" function_check nginx_disable_sniffing - nginx_disable_sniffing $AKAUNTING_DOMAIN_NAME - echo '' >> $akaunting_nginx_site - echo ' access_log /dev/null;' >> $akaunting_nginx_site - echo ' error_log /dev/null;' >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site - echo " root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;" >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site - echo ' index index.php;' >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site - echo ' location ~ \.php {' >> $akaunting_nginx_site - echo ' include snippets/fastcgi-php.conf;' >> $akaunting_nginx_site - echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $akaunting_nginx_site - echo ' 
fastcgi_read_timeout 30;' >> $akaunting_nginx_site - echo ' }' >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site - echo ' location / {' >> $akaunting_nginx_site + nginx_disable_sniffing "$AKAUNTING_DOMAIN_NAME" + { echo ''; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo " root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;"; + echo ''; + echo ' index index.php;'; + echo ''; + echo ' location ~ \.php {'; + echo ' include snippets/fastcgi-php.conf;'; + echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; + echo ' fastcgi_read_timeout 30;'; + echo ' }'; + echo ''; + echo ' location / {'; } >> "$akaunting_nginx_site" function_check nginx_limits - nginx_limits $AKAUNTING_DOMAIN_NAME '15m' - echo ' try_files $uri $uri/ @akaunting;' >> $akaunting_nginx_site - echo ' }' >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site - echo ' location @akaunting {' >> $akaunting_nginx_site - echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $akaunting_nginx_site - echo ' }' >> $akaunting_nginx_site - echo '' >> $akaunting_nginx_site - echo ' location ~ /\.(ht|git) {' >> $akaunting_nginx_site - echo ' deny all;' >> $akaunting_nginx_site - echo ' }' >> $akaunting_nginx_site - echo '}' >> $akaunting_nginx_site + nginx_limits "$AKAUNTING_DOMAIN_NAME" '15m' + { echo " try_files \$uri \$uri/ @akaunting;"; + echo ' }'; + echo ''; + echo ' location @akaunting {'; + echo " rewrite ^(.*)\$ /index.php?p=\$1 last;"; + echo ' }'; + echo ''; + echo ' location ~ /\.(ht|git) {'; + echo ' deny all;'; + echo ' }'; + echo '}'; } >> "$akaunting_nginx_site" function_check configure_php configure_php function_check create_site_certificate - create_site_certificate $AKAUNTING_DOMAIN_NAME 'yes' + create_site_certificate "$AKAUNTING_DOMAIN_NAME" 'yes' function_check nginx_ensite - nginx_ensite $AKAUNTING_DOMAIN_NAME + nginx_ensite "$AKAUNTING_DOMAIN_NAME" akaunting_remove_bad_links 
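Review bot: The only dotfile rule written to both server blocks is `location ~ /\.(ht|git)`, while `root` is the repository checkout itself, so any other dotfile in htdocs would be served as a static file by `try_files $uri`. If the application keeps its settings in a file such as `.env` there (worth confirming for Akaunting), that file needs a deny rule too; a broader `location ~ /\.(?!well-known) { deny all; }` covers it. Because nginx tries regex locations in order, the rule should be emitted before the `location ~ \.php` block, so that a `.php` path under `.git` is not handed to PHP. install_akaunting starts outside the hunk and continues past it.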
@@ -460,7 +461,7 @@ function install_akaunting { systemctl restart php7.0-fpm systemctl restart nginx - ${PROJECT_NAME}-pass -u $MY_USERNAME -a akaunting -p "$AKAUNTING_ADMIN_PASSWORD" + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a akaunting -p "$AKAUNTING_ADMIN_PASSWORD" set_completion_param "akaunting domain" "$AKAUNTING_DOMAIN_NAME" diff --git a/src/freedombone-app-batman b/src/freedombone-app-batman index 907ba715..22c64170 100755 --- a/src/freedombone-app-batman +++ b/src/freedombone-app-batman @@ -53,7 +53,7 @@ function install_interactive_batman { } function configure_firewall_for_batman { - if [[ $(is_completed $FUNCNAME) == "1" ]]; then + if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then return fi if [[ $ENABLE_BATMAN != "yes" ]]; then @@ -62,7 +62,7 @@ function configure_firewall_for_batman { function_check save_firewall_settings save_firewall_settings - mark_completed $FUNCNAME + mark_completed "${FUNCNAME[0]}" } function reconfigure_batman { @@ -90,8 +90,7 @@ function restore_remote_batman { } function remove_batman { - ${PROJECT_NAME}-mesh-install -f batman --remove yes - if [ ! "$?" = "0" ]; then + if ! "${PROJECT_NAME}-mesh-install" -f batman --remove yes; then echo $'Failed to remove batman' exit 79353 fi 
@@ -100,45 +99,46 @@ function remove_batman { } function mesh_install_batman { + # shellcheck disable=SC2154 chroot "$rootdir" apt-get -yq install iproute bridge-utils libnetfilter-conntrack3 batctl chroot "$rootdir" apt-get -yq install python-dev libevent-dev ebtables python-pip git chroot "$rootdir" apt-get -yq install wireless-tools rfkill - if ! grep -q "batman_adv" $rootdir/etc/modules; then - echo 'batman_adv' >> $rootdir/etc/modules + if ! grep -q "batman_adv" "$rootdir/etc/modules"; then + echo 'batman_adv' >> "$rootdir/etc/modules" fi BATMAN_SCRIPT=$rootdir/var/lib/batman - if [ -f /usr/local/bin/${PROJECT_NAME}-mesh-batman ]; then - cp /usr/local/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT + if [ -f "/usr/local/bin/${PROJECT_NAME}-mesh-batman" ]; then + cp "/usr/local/bin/${PROJECT_NAME}-mesh-batman" "$BATMAN_SCRIPT" else - cp /usr/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT + cp "/usr/bin/${PROJECT_NAME}-mesh-batman" "$BATMAN_SCRIPT" fi BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service - echo '[Unit]' > $BATMAN_DAEMON - echo 'Description=B.A.T.M.A.N. Advanced' >> $BATMAN_DAEMON - echo 'After=network.target' >> $BATMAN_DAEMON - echo '' >> $BATMAN_DAEMON - echo '[Service]' >> $BATMAN_DAEMON - echo 'RemainAfterExit=yes' >> $BATMAN_DAEMON - echo "ExecStart=/var/lib/batman start" >> $BATMAN_DAEMON - echo "ExecStop=/var/lib/batman stop" >> $BATMAN_DAEMON - echo 'Restart=on-failure' >> $BATMAN_DAEMON - echo 'SuccessExitStatus=3 4' >> $BATMAN_DAEMON - echo 'RestartForceExitStatus=3 4' >> $BATMAN_DAEMON - echo '' >> $BATMAN_DAEMON - echo '# Allow time for the server to start/stop' >> $BATMAN_DAEMON - echo 'TimeoutSec=300' >> $BATMAN_DAEMON - echo '' >> $BATMAN_DAEMON - echo '[Install]' >> $BATMAN_DAEMON - echo 'WantedBy=multi-user.target' >> $BATMAN_DAEMON + { echo '[Unit]'; + echo 'Description=B.A.T.M.A.N. 
Advanced'; + echo 'After=network.target'; + echo ''; + echo '[Service]'; + echo 'RemainAfterExit=yes'; + echo "ExecStart=/var/lib/batman start"; + echo "ExecStop=/var/lib/batman stop"; + echo 'Restart=on-failure'; + echo 'SuccessExitStatus=3 4'; + echo 'RestartForceExitStatus=3 4'; + echo ''; + echo '# Allow time for the server to start/stop'; + echo 'TimeoutSec=300'; + echo ''; + echo '[Install]'; + echo 'WantedBy=multi-user.target'; } > "$BATMAN_DAEMON" chroot "$rootdir" systemctl enable batman } function install_batman { - if [ $INSTALLING_MESH ]; then + if [ "$INSTALLING_MESH" ]; then mesh_install_batman return fi @@ -146,8 +146,7 @@ function install_batman { return fi - ${PROJECT_NAME}-mesh-install -f batman - if [ ! "$?" = "0" ]; then + if ! "${PROJECT_NAME}-mesh-install" -f batman; then echo $'Failed to install batman' exit 72524 fi diff --git a/src/freedombone-app-bdsmail b/src/freedombone-app-bdsmail index 20ae44f1..6aa179b8 100755 --- a/src/freedombone-app-bdsmail +++ b/src/freedombone-app-bdsmail 
@@ -49,29 +49,29 @@ function bdsmail_configure_users { if [[ $(is_valid_user "$USERNAME") == "1" ]]; then # Add the user to the i2p group - usermod -a -G i2psvc $USERNAME + usermod -a -G i2psvc "$USERNAME" - if [ -f /home/$USERNAME/.muttrc ]; then + if [ -f "/home/$USERNAME/.muttrc" ]; then # Create a mutt i2p folder - if ! grep -q ' =i2p' /home/$USERNAME/.muttrc; then - MUTT_MAILBOXES=$(grep "mailboxes =" /home/$USERNAME/.muttrc) - sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =i2p|g" /home/$USERNAME/.muttrc + if ! grep -q ' =i2p' "/home/$USERNAME/.muttrc"; then + MUTT_MAILBOXES=$(grep "mailboxes =" "/home/$USERNAME/.muttrc") + sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =i2p|g" "/home/$USERNAME/.muttrc" fi # Create a mutt folder hook to the i2p config - if ! grep -q 'folder-hook !i2p' /home/$USERNAME/.muttrc; then - echo 'folder-hook !i2p/* source ~/.muttrc' >> /home/$USERNAME/.muttrc + if ! grep -q 'folder-hook !i2p' "/home/$USERNAME/.muttrc"; then + echo 'folder-hook !i2p/* source ~/.muttrc' >> "/home/$USERNAME/.muttrc" fi - if ! grep -q 'folder-hook i2p' /home/$USERNAME/.muttrc; then - echo 'folder-hook i2p/* source ~/.mutt/bdsmail' >> /home/$USERNAME/.muttrc + if ! grep -q 'folder-hook i2p' "/home/$USERNAME/.muttrc"; then + echo 'folder-hook i2p/* source ~/.mutt/bdsmail' >> "/home/$USERNAME/.muttrc" fi fi # Create a directory where i2p mail will be stored - if [ ! -d /home/$USERNAME/Maildir/i2p/new ]; then - mkdir -p /home/$USERNAME/Maildir/i2p/cur - mkdir -p /home/$USERNAME/Maildir/i2p/new - chown -R $USERNAME:$USERNAME /home/$USERNAME/Maildir/i2p + if [ ! -d "/home/$USERNAME/Maildir/i2p/new" ]; then + mkdir -p "/home/$USERNAME/Maildir/i2p/cur" + mkdir -p "/home/$USERNAME/Maildir/i2p/new" + chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/Maildir/i2p" fi fi done 
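Review bot: In bdsmail_configure_users the line `sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =i2p|g" "/home/$USERNAME/.muttrc"` still splices text read from the user's own .muttrc into the sed program; the new quoting of the file name does not change that. A `|`, `&`, backslash or a second matching line in that file alters or breaks the command, which appears to run with the installer's privileges (the same loop calls usermod and chown). Letting sed do the match avoids interpolating file content at all: `sed -i '/mailboxes =/ s|$| =i2p|' "/home/$USERNAME/.muttrc"`. The function starts and ends outside this hunk.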
@@ -93,18 +93,18 @@ function add_user_bdsmail { new_username="$1" new_user_password="$2" - if [ ! -d /home/$new_username/.mutt ]; then - mkdir /home/$new_username/.mutt - cp /etc/skel/.mutt/bdsmail /home/$new_username/.mutt + if [ ! -d "/home/$new_username/.mutt" ]; then + mkdir "/home/$new_username/.mutt" + cp /etc/skel/.mutt/bdsmail "/home/$new_username/.mutt" fi read_config_param MY_USERNAME - BDSMAIL_PASSWORD=$(${PROJECT_NAME}-pass -u $MY_USERNAME -a bdsmail) - sed -i "s|username|$new_username|g" /home/$new_username/.mutt/bdsmail - sed -i "s|password|$BDSMAIL_PASSWORD|g" /home/$new_username/.mutt/bdsmail + BDSMAIL_PASSWORD=$("${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a bdsmail) + sed -i "s|username|$new_username|g" "/home/$new_username/.mutt/bdsmail" + sed -i "s|password|$BDSMAIL_PASSWORD|g" "/home/$new_username/.mutt/bdsmail" bdsmail_configure_users - cd $BDSMAIL_DIR - $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini $new_username /home/$new_username/Maildir/i2p "$BDSMAIL_PASSWORD" - chown -R $new_username:$new_username /home/$new_username/.mutt + cd $BDSMAIL_DIR || exit 57247684234 + $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini "$new_username" "/home/$new_username/Maildir/i2p" "$BDSMAIL_PASSWORD" + chown -R "$new_username":"$new_username" "/home/$new_username/.mutt" echo '0' } 
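Review bot: The new guard `cd $BDSMAIL_DIR || exit 57247684234` in add_user_bdsmail uses an exit status the shell cannot deliver, because only the low 8 bits reach the caller. The distinct numbers are therefore not recoverable, and any value that happens to be a multiple of 256 would be reported as success. The same pattern is added by the later `cd ... || exit` guards in this diff (change_password_bdsmail, upgrade_bdsmail, install_bdsmail, upgrade_cryptpad, mesh_install_cryptpad), and 2468246 and 2457245 are each used twice. A message plus a small code keeps the failure identifiable, e.g. `cd "$BDSMAIL_DIR" || { echo $'Unable to enter bdsmail directory' >&2; exit 1; }`.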
@@ -117,16 +117,16 @@ function change_password_bdsmail { curr_username="$1" new_user_password="$2" - ${PROJECT_NAME}-pass -u $MY_USERNAME -a bdsmail -p "$new_user_password" + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a bdsmail -p "$new_user_password" for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - sed -i "s|set smtp_url=.*|set smtp_url=smtp://${curr_username}:${new_user_password}@127.0.0.1:$I2P_SMTP_PORT/" /home/${USERNAME}/.mutt/bdsmail - sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" /home/${USERNAME}/.mutt/bdsmail - chown ${USERNAME}:${USERNAME} /home/${USERNAME}/.mutt/bdsmail - cd $BDSMAIL_DIR - $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini $curr_username /home/$curr_username/Maildir/i2p "$new_user_password" + sed -i "s|set smtp_url=.*|set smtp_url=smtp://${curr_username}:${new_user_password}@127.0.0.1:$I2P_SMTP_PORT/" "/home/${USERNAME}/.mutt/bdsmail" + sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" "/home/${USERNAME}/.mutt/bdsmail" + chown "${USERNAME}":"${USERNAME}" "/home/${USERNAME}/.mutt/bdsmail" + cd $BDSMAIL_DIR || exit 2468246 + $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini "$curr_username" "/home/$curr_username/Maildir/i2p" "$new_user_password" fi done } @@ -136,9 +136,9 @@ function bdsmail_update_domain { for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - cp /etc/skel/.mutt/bdsmail /home/${USERNAME}/.mutt/bdsmail - sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" /home/${USERNAME}/.mutt/bdsmail - chown ${USERNAME}:${USERNAME} /home/${USERNAME}/.mutt/bdsmail + cp /etc/skel/.mutt/bdsmail "/home/${USERNAME}/.mutt/bdsmail" + sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" "/home/${USERNAME}/.mutt/bdsmail" + chown "${USERNAME}":"${USERNAME}" "/home/${USERNAME}/.mutt/bdsmail" fi done } 
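Review bot: The first sed expression in change_password_bdsmail has no closing delimiter: `"s|set smtp_url=.*|set smtp_url=smtp://${curr_username}:${new_user_password}@127.0.0.1:$I2P_SMTP_PORT/"` stops after the replacement text, so sed should reject it as an unterminated `s` command and the smtp_url line is never rewritten. The hunk only quotes the file name; the expression needs a final `|`, i.e. `...:$I2P_SMTP_PORT/|" "/home/${USERNAME}/.mutt/bdsmail"`. The password is also placed unescaped in the replacement, so a `|`, `&` or backslash in it would change the result; escaping those characters first is worth doing in the same change. The loop writes curr_username's credentials into every valid user's file, which may be intended but should be confirmed.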
@@ -154,7 +154,7 @@ function bdsmail_wait_for_key_generation { sleep 30 bds_domain=$(bdsmail_domain) sleep_ctr=$((sleep_ctr + 1)) - if [ $sleep_ctr -gt 100 ]; then + if [ "$sleep_ctr" -gt 100 ]; then break fi done @@ -178,9 +178,9 @@ function upgrade_bdsmail { fi # update to the next commit - set_repo_commit $BDSMAIL_DIR "bdsmail commit" "$BDSMAIL_COMMIT" $BDSMAIL_REPO - cd $BDSMAIL_DIR - make GOROOT=/home/go/go${GO_VERSION} + set_repo_commit $BDSMAIL_DIR "bdsmail commit" "$BDSMAIL_COMMIT" "$BDSMAIL_REPO" + cd $BDSMAIL_DIR || exit 2457245 + make GOROOT="/home/go/go${GO_VERSION}" chown -R i2psvc:i2psvc $BDSMAIL_DIR systemctl restart bdsmail @@ -210,7 +210,7 @@ function restore_local_bdsmail { function_check restore_directory_from_usb restore_directory_from_usb $temp_restore_dir bdsmail if [ -d $temp_restore_dir ]; then - if [ -d cp $temp_restore_dir$bdsmail_dir ]; then + if [ -d $temp_restore_dir$bdsmail_dir ]; then cp -rp $temp_restore_dir$bdsmail_dir $bdsmail_dir/ else if [ ! -d $bdsmail_dir ]; then @@ -246,7 +246,7 @@ function restore_remote_bdsmail { function_check restore_directory_from_friend restore_directory_from_friend $temp_restore_dir bdsmail if [ -d $temp_restore_dir ]; then - if [ -d cp $temp_restore_dir$bdsmail_dir ]; then + if [ -d $temp_restore_dir$bdsmail_dir ]; then cp -rp $temp_restore_dir$bdsmail_dir $bdsmail_dir/ else if [ ! -d $bdsmail_dir ]; then 
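Review bot: The corrected test `if [ -d $temp_restore_dir$bdsmail_dir ]; then` in restore_local_bdsmail (and the identical line in restore_remote_bdsmail) is left unquoted while the rest of the commit quotes its expansions. If both variables expand to nothing, `[ -d ]` becomes a one-argument test that evaluates true, and a path containing spaces splits into several words. Quoting the test and the copy that follows keeps the check meaningful: `if [ -d "$temp_restore_dir$bdsmail_dir" ]; then` and `cp -rp "$temp_restore_dir$bdsmail_dir" "$bdsmail_dir/"`. Both functions continue outside their hunks.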
@@ -272,33 +272,33 @@ function remove_bdsmail { USERNAME=$(echo "$d" | awk -F '/' '{print $3}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then # remove the user from the i2p group - deluser $USERNAME i2psvc + deluser "$USERNAME" i2psvc # Remove mutt folder hook to the i2p config - if [ -f /home/$USERNAME/.muttrc ]; then - if grep -q 'folder-hook !i2p' /home/$USERNAME/.muttrc; then - sed -i '/folder-hook !i2p/d' /home/$USERNAME/.muttrc + if [ -f "/home/$USERNAME/.muttrc" ]; then + if grep -q 'folder-hook !i2p' "/home/$USERNAME/.muttrc"; then + sed -i '/folder-hook !i2p/d' "/home/$USERNAME/.muttrc" fi - if grep -q 'folder-hook i2p' /home/$USERNAME/.muttrc; then - sed -i '/folder-hook i2p/d' /home/$USERNAME/.muttrc + if grep -q 'folder-hook i2p' "/home/$USERNAME/.muttrc"; then + sed -i '/folder-hook i2p/d' "/home/$USERNAME/.muttrc" fi fi # Remove folder - if grep -q ' =i2p' /home/$USERNAME/.muttrc; then - sed -i 's| =i2p||g' /home/$USERNAME/.muttrc + if grep -q ' =i2p' "/home/$USERNAME/.muttrc"; then + sed -i 's| =i2p||g' "/home/$USERNAME/.muttrc" fi # NOTE: leave Maildir/i2p/cur. We might want to archive that # or just be reinstalling the system without losing mail - rm -rf /home/$USERNAME/Maildir/i2p/new + rm -rf "/home/$USERNAME/Maildir/i2p/new" fi done remove_i2p remove_app bdsmail remove_completion_param install_bdsmail - sed -i '/bdsmail/d' $COMPLETION_FILE + sed -i '/bdsmail/d' "$COMPLETION_FILE" rm -rf /etc/skel/.mutt if [ -d $BDSMAIL_DIR ]; then rm -rf $BDSMAIL_DIR @@ -319,10 +319,10 @@ function install_bdsmail { if [ -d /repos/bdsmail ]; then mkdir $BDSMAIL_DIR cp -r -p /repos/bdsmail/. $BDSMAIL_DIR - cd $BDSMAIL_DIR + cd $BDSMAIL_DIR || exit 24687246 git pull else - git_clone $BDSMAIL_REPO $BDSMAIL_DIR + git_clone "$BDSMAIL_REPO" "$BDSMAIL_DIR" fi if [ ! -d $BDSMAIL_DIR ]; then 
@@ -330,14 +330,14 @@ function install_bdsmail { exit 5735735 fi - cd $BDSMAIL_DIR - git checkout $BDSMAIL_COMMIT -b $BDSMAIL_COMMIT + cd $BDSMAIL_DIR || exit 2468246 + git checkout "$BDSMAIL_COMMIT" -b "$BDSMAIL_COMMIT" set_completion_param "bdsmail commit" "$BDSMAIL_COMMIT" mkdir -p $BDSMAIL_DIR/Maildir/i2p chmod -R 700 $BDSMAIL_DIR/Maildir - make GOROOT=/home/go/go${GO_VERSION} + make GOROOT="/home/go/go${GO_VERSION}" if [ ! -f $BDSMAIL_DIR/bin/bdsconfig ]; then echo $'Unable to make bdsmail' exit 87923567842 
@@ -347,72 +347,72 @@ function install_bdsmail { i2p_enable_sam # create configuration file - $BDSMAIL_DIR/bin/bdsconfig > $BDSMAIL_DIR/config.ini - echo '[maild]' > $BDSMAIL_DIR/config.ini - echo "i2paddr = 127.0.0.1:$I2P_SAM_PORT" >> $BDSMAIL_DIR/config.ini - echo 'i2pkeyfile = bdsmail-privkey.dat' >> $BDSMAIL_DIR/config.ini - echo "bindmail = 127.0.0.1:$I2P_SMTP_PORT" >> $BDSMAIL_DIR/config.ini - echo "bindweb = 127.0.0.1:$I2P_WEB_PORT" >> $BDSMAIL_DIR/config.ini - echo "bindpop3 = 127.0.0.1:$I2P_POP3_PORT" >> $BDSMAIL_DIR/config.ini - echo 'domain = localhost' >> $BDSMAIL_DIR/config.ini - echo 'maildir = Maildir/i2p' >> $BDSMAIL_DIR/config.ini - echo 'database = localhost.sqlite' >> $BDSMAIL_DIR/config.ini - echo 'assets = contrib/assets/web' >> $BDSMAIL_DIR/config.ini + #$BDSMAIL_DIR/bin/bdsconfig > $BDSMAIL_DIR/config.ini + { echo '[maild]': + echo "i2paddr = 127.0.0.1:$I2P_SAM_PORT"; + echo 'i2pkeyfile = bdsmail-privkey.dat'; + echo "bindmail = 127.0.0.1:$I2P_SMTP_PORT"; + echo "bindweb = 127.0.0.1:$I2P_WEB_PORT"; + echo "bindpop3 = 127.0.0.1:$I2P_POP3_PORT"; + echo 'domain = localhost'; + echo 'maildir = Maildir/i2p'; + echo 'database = localhost.sqlite'; + echo 'assets = contrib/assets/web'; } > $BDSMAIL_DIR/config.ini - echo '[Unit]' > /etc/systemd/system/bdsmail.service - echo 'Description=bdsmail' >> /etc/systemd/system/bdsmail.service - echo 'After=syslog.target' >> /etc/systemd/system/bdsmail.service - echo 'After=network.target' >> /etc/systemd/system/bdsmail.service - echo '' >> /etc/systemd/system/bdsmail.service - echo '[Service]' >> /etc/systemd/system/bdsmail.service - echo 'Type=simple' >> /etc/systemd/system/bdsmail.service - echo 'User=i2psvc' >> /etc/systemd/system/bdsmail.service - echo 'Group=i2psvc' >> /etc/systemd/system/bdsmail.service - echo "WorkingDirectory=$BDSMAIL_DIR" >> /etc/systemd/system/bdsmail.service - echo "ExecStart=$BDSMAIL_DIR/bin/maild $BDSMAIL_DIR/config.ini" >> /etc/systemd/system/bdsmail.service - echo 
'Restart=always' >> /etc/systemd/system/bdsmail.service - echo 'Environment="USER=i2psvc"' >> /etc/systemd/system/bdsmail.service - echo '' >> /etc/systemd/system/bdsmail.service - echo '[Install]' >> /etc/systemd/system/bdsmail.service - echo 'WantedBy=multi-user.target' >> /etc/systemd/system/bdsmail.service + { echo '[Unit]'; + echo 'Description=bdsmail'; + echo 'After=syslog.target'; + echo 'After=network.target'; + echo ''; + echo '[Service]'; + echo 'Type=simple'; + echo 'User=i2psvc'; + echo 'Group=i2psvc'; + echo "WorkingDirectory=$BDSMAIL_DIR"; + echo "ExecStart=$BDSMAIL_DIR/bin/maild $BDSMAIL_DIR/config.ini"; + echo 'Restart=always'; + echo 'Environment="USER=i2psvc"'; + echo ''; + echo '[Install]'; + echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/bdsmail.service - echo '#!/usr/bin/env python2' > $BDSMAIL_DIR/get_address - echo 'import base64, hashlib, sys' >> $BDSMAIL_DIR/get_address - echo 'with open(sys.argv[1]) as f:' >> $BDSMAIL_DIR/get_address - echo " print(base64.b32encode(hashlib.sha256(base64.b64decode(f.read(516), '-~')).digest()).strip('=')+\".b32.i2p\")" >> $BDSMAIL_DIR/get_address + { echo '#!/usr/bin/env python2'; + echo 'import base64, hashlib, sys'; + echo 'with open(sys.argv[1]) as f:'; + echo " print(base64.b32encode(hashlib.sha256(base64.b64decode(f.read(516), '-~')).digest()).strip('=')+\".b32.i2p\")"; } > $BDSMAIL_DIR/get_address chmod +x $BDSMAIL_DIR/get_address chown -R i2psvc:i2psvc $BDSMAIL_DIR systemctl enable bdsmail systemctl start bdsmail - echo '#!/bin/bash' > /usr/bin/bdsmail_distribute - echo "BDSMAIL_DIR=$BDSMAIL_DIR" >> /usr/bin/bdsmail_distribute - echo "MAIL_DIR=\$BDSMAIL_DIR/\$(cat \$BDSMAIL_DIR/config.ini | grep 'maildir =' | awk -F ' ' '{print \$3}')" >> /usr/bin/bdsmail_distribute - echo 'if [ ! 
-d $MAIL_DIR/postmaster/new ]; then' >> /usr/bin/bdsmail_distribute - echo ' exit 0' >> /usr/bin/bdsmail_distribute - echo 'fi' >> /usr/bin/bdsmail_distribute - echo 'for filename in $MAIL_DIR/postmaster/new/*; do' >> /usr/bin/bdsmail_distribute - echo ' to_line=$(cat $filename | grep "To: " | head -n 1)' >> /usr/bin/bdsmail_distribute - echo " to_username=\$(echo \"\$to_line\" | awk -F ' ' '{print \$2}' | awk -F '@' '{print \$1}')" >> /usr/bin/bdsmail_distribute - echo ' if [ -d /home/$to_username/Maildir/i2p/new ]; then' >> /usr/bin/bdsmail_distribute - echo ' chown $to_username:$to_username $filename' >> /usr/bin/bdsmail_distribute - echo ' chmod 600 $filename' >> /usr/bin/bdsmail_distribute - echo ' mv $filename /home/$to_username/Maildir/i2p/new' >> /usr/bin/bdsmail_distribute - echo ' fi' >> /usr/bin/bdsmail_distribute - echo 'done' >> /usr/bin/bdsmail_distribute + { echo '#!/bin/bash'; + echo "BDSMAIL_DIR=$BDSMAIL_DIR"; + echo "MAIL_DIR=\$BDSMAIL_DIR/\$(cat \$BDSMAIL_DIR/config.ini | grep 'maildir =' | awk -F ' ' '{print \$3}')"; + echo "if [ ! -d \$MAIL_DIR/postmaster/new ]; then"; + echo ' exit 0'; + echo 'fi'; + echo "for filename in \$MAIL_DIR/postmaster/new/*; do"; + echo " to_line=\$(cat \$filename | grep \"To: \" | head -n 1)"; + echo " to_username=\$(echo \"\$to_line\" | awk -F ' ' '{print \$2}' | awk -F '@' '{print \$1}')"; + echo " if [ -d /home/\$to_username/Maildir/i2p/new ]; then"; + echo " chown \$to_username:\$to_username \$filename"; + echo " chmod 600 \$filename"; + echo " mv \$filename /home/\$to_username/Maildir/i2p/new"; + echo ' fi'; + echo 'done'; } > /usr/bin/bdsmail_distribute chmod +x /usr/bin/bdsmail_distribute if ! grep -q 'bdsmail_distribute' /etc/crontab; then cron_add_mins 1 '/usr/bin/bdsmail_distribute 2> /dev/null' fi - echo '#!/bin/bash' > /usr/bin/bdsmail_domain - echo "cd $BDSMAIL_DIR" >> /usr/bin/bdsmail_domain - echo 'if [ ! 
-f bdsmail-privkey.dat ]; then' >> /usr/bin/bdsmail_domain - echo ' exit 1' >> /usr/bin/bdsmail_domain - echo 'fi' >> /usr/bin/bdsmail_domain - echo "python2 get_address bdsmail-privkey.dat | tr '[:upper:]' '[:lower:]'" >> /usr/bin/bdsmail_domain + { echo '#!/bin/bash'; + echo "cd $BDSMAIL_DIR"; + echo 'if [ ! -f bdsmail-privkey.dat ]; then'; + echo ' exit 1'; + echo 'fi'; + echo "python2 get_address bdsmail-privkey.dat | tr '[:upper:]' '[:lower:]'"; } > /usr/bin/bdsmail_domain chmod +x /usr/bin/bdsmail_domain echo '' @@ -422,7 +422,7 @@ function install_bdsmail { bdsmail_wait_for_key_generation - if [ ! $bds_domain ]; then + if [ ! "$bds_domain" ]; then systemctl stop bdsmail systemctl disable bdsmail remove_i2p 
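Review bot: The first line of the new config.ini group ends in a colon instead of a semicolon: `{ echo '[maild]':` passes `[maild]:` to echo, so the generated file begins with `[maild]:` rather than the `[maild]` section header the old code wrote. It should read `{ echo '[maild]';`. Separately, the generated /usr/bin/bdsmail_distribute takes `to_username` from the message's `To:` header and uses it unquoted in the `chown` and `mv` paths. Since that script is scheduled through /etc/crontab, the emitted lines should check the value against the local account-name format and quote `$filename` and `$to_username`. install_bdsmail starts and ends outside this hunk.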
@@ -430,38 +430,38 @@ function install_bdsmail { exit 8934638 fi - BDSMAIL_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" - ${PROJECT_NAME}-pass -u $MY_USERNAME -a bdsmail -p "$BDSMAIL_PASSWORD" - cd $BDSMAIL_DIR + BDSMAIL_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")" + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a bdsmail -p "$BDSMAIL_PASSWORD" + cd $BDSMAIL_DIR || exit 2346872427 $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini admin $BDSMAIL_DIR/Maildir/i2p/admin "$BDSMAIL_PASSWORD" # Create mutt configuration if [ ! -d /etc/skel/.mutt ]; then mkdir /etc/skel/.mutt fi - echo 'set mbox_type=Maildir' > /etc/skel/.mutt/bdsmail - echo "set smtp_url=smtp://username:password@127.0.0.1:$I2P_SMTP_PORT/" >> /etc/skel/.mutt/bdsmail - echo 'set use_from=yes' >> /etc/skel/.mutt/bdsmail - echo "set from=username@${bds_domain}" >> /etc/skel/.mutt/bdsmail - echo "set spoolfile=~/Maildir/i2p" >> /etc/skel/.mutt/bdsmail - echo 'set pgp_autoencrypt=no' >> /etc/skel/.mutt/bdsmail - echo 'set pgp_replyencrypt=no' >> /etc/skel/.mutt/bdsmail - echo 'set pgp_autosign=no' >> /etc/skel/.mutt/bdsmail - echo 'set pgp_replysign=no' >> /etc/skel/.mutt/bdsmail + { echo 'set mbox_type=Maildir'; + echo "set smtp_url=smtp://username:password@127.0.0.1:$I2P_SMTP_PORT/"; + echo 'set use_from=yes'; + echo "set from=username@${bds_domain}"; + echo "set spoolfile=~/Maildir/i2p"; + echo 'set pgp_autoencrypt=no'; + echo 'set pgp_replyencrypt=no'; + echo 'set pgp_autosign=no'; + echo 'set pgp_replysign=no'; } > /etc/skel/.mutt/bdsmail # mutt configuration for the admin user - if [ ! -d /home/$MY_USERNAME/.mutt ]; then - mkdir /home/$MY_USERNAME/.mutt + if [ ! 
-d "/home/$MY_USERNAME/.mutt" ]; then + mkdir "/home/$MY_USERNAME/.mutt" fi - cp /etc/skel/.mutt/bdsmail /home/$MY_USERNAME/.mutt - sed -i "s|username|$MY_USERNAME|g" /home/$MY_USERNAME/.mutt/bdsmail - sed -i "s|password|$BDSMAIL_PASSWORD|g" /home/$MY_USERNAME/.mutt/bdsmail - chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt + cp /etc/skel/.mutt/bdsmail "/home/$MY_USERNAME/.mutt" + sed -i "s|username|$MY_USERNAME|g" "/home/$MY_USERNAME/.mutt/bdsmail" + sed -i "s|password|$BDSMAIL_PASSWORD|g" "/home/$MY_USERNAME/.mutt/bdsmail" + chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.mutt" bdsmail_configure_users - cd $BDSMAIL_DIR - $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini $MY_USERNAME /home/$MY_USERNAME/Maildir/i2p "$BDSMAIL_PASSWORD" + cd $BDSMAIL_DIR || exit 2457245 + $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini "$MY_USERNAME" "/home/$MY_USERNAME/Maildir/i2p" "$BDSMAIL_PASSWORD" APP_INSTALLED=1 } diff --git a/src/freedombone-app-cryptpad b/src/freedombone-app-cryptpad index 1a3d7c4b..090bc875 100755 --- a/src/freedombone-app-cryptpad +++ b/src/freedombone-app-cryptpad @@ -101,7 +101,7 @@ function upgrade_cryptpad { function_check set_repo_commit set_repo_commit $CRYPTPAD_DIR "cryptpad commit" "$CRYPTPAD_COMMIT" $CRYPTPAD_REPO - cd $CRYPTPAD_DIR + cd $CRYPTPAD_DIR || exit 254724 cryptpad_create_config npm upgrade npm install @@ -156,7 +156,7 @@ function restore_local_cryptpad { } function backup_remote_cryptpad { - if grep -q "cryptpad domain" $COMPLETION_FILE; then + if grep -q "cryptpad domain" "$COMPLETION_FILE"; then temp_backup_dir=$CRYPTPAD_DIR/datastore if [ -d $temp_backup_dir ]; then systemctl stop cryptpad @@ -226,7 +226,7 @@ function remove_cryptpad { remove_onion_service cryptpad ${CRYPTPAD_ONION_PORT} remove_app cryptpad remove_completion_param install_cryptpad - sed -i '/cryptpad/d' $COMPLETION_FILE + sed -i '/cryptpad/d' "$COMPLETION_FILE" userdel -r cryptpad } 
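Review bot: The admin's `/home/$MY_USERNAME/.mutt/bdsmail` receives the SMTP password through `sed -i "s|password|$BDSMAIL_PASSWORD|g"` but is only chown'ed afterwards, so its mode is whatever the copy from /etc/skel produced. Unless home directories are already closed to other users, adding `chmod 600 "/home/$MY_USERNAME/.mutt/bdsmail"` after the chown keeps the credential readable by its owner only; add_user_bdsmail and change_password_bdsmail write the same kind of file and would need the same line. The password is also substituted unescaped, so this step depends on create_password never emitting `|`, `&` or a backslash. install_bdsmail starts outside this hunk.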
@@ -236,123 +236,124 @@ function cryptpad_create_config { cryptpad_prefix= if [[ "$cryptpad_install_type" == "mesh" ]]; then - cryptpad_prefix=$rootdir + # shellcheck disable=SC2154 + cryptpad_prefix="$rootdir" fi - echo '/*@flow*/' > $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '/*' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' globals module' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '*/' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo "var domain = ' http://localhost:${CRYPTPAD_PORT}/';" >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo 'module.exports = {' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " httpAddress: '::'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' httpHeaders: {' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' "X-XSS-Protection": "1; mode=block",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' "X-Content-Type-Options": "nosniff",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' "Access-Control-Allow-Origin": "*"' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' },' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' contentSecurity: [' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " \"default-src 'none'\"," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " \"style-src 'unsafe-inline' 'self' \" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " \"script-src 'self'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " \"font-src 'self' data:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' "child-src blob: *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' "frame-src blob: *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' "media-src * blob:",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " \"connect-src 'self' ws: wss: blob:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - 
echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " \"img-src 'self' data: blob:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' "frame-ancestors *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " ].join('; ')," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' padContentSecurity: [' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " \"default-src 'none'\"," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " \"style-src 'unsafe-inline' 'self'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " \"script-src 'self' 'unsafe-eval' 'unsafe-inline'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " \"font-src 'self'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' "child-src *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' "frame-src *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " \"connect-src 'self' ws: wss:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' "img-src * blob:",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " ].join('; ')," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " httpPort: ${CRYPTPAD_PORT}," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' // This is for allowing the cross-domain iframe to function when developing' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " httpSafePort: ${CRYPTPAD_PORT2}," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " websocketPath: '/cryptpad_websocket'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' logToStdout: false,' 
>> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' verbose: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' mainPages: [' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " 'index'" >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' ],' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' removeDonateButton: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' allowSubscriptions: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js + { echo '/*@flow*/'; + echo '/*'; + echo ' globals module'; + echo '*/'; + echo "var domain = ' http://localhost:${CRYPTPAD_PORT}/';"; + echo 'module.exports = {'; + echo " httpAddress: '::',"; + echo ' httpHeaders: {'; + echo ' "X-XSS-Protection": "1; mode=block",'; + echo ' "X-Content-Type-Options": "nosniff",'; + echo ' "Access-Control-Allow-Origin": "*"'; + echo ' },'; + echo ''; + echo ' contentSecurity: ['; + echo " \"default-src 'none'\","; + echo " \"style-src 'unsafe-inline' 'self' \" + domain,"; + echo " \"script-src 'self'\" + domain,"; + echo " \"font-src 'self' data:\" + domain,"; + echo ''; + echo ' "child-src blob: *",'; + echo ' "frame-src blob: *",'; + echo ' "media-src * blob:",'; + echo ''; + echo " \"connect-src 'self' ws: wss: blob:\" + domain,"; + echo ''; + echo " \"img-src 'self' data: blob:\" + domain,"; + echo ''; + echo ' "frame-ancestors *",'; + echo " ].join('; '),"; + echo ''; + echo ' padContentSecurity: ['; + echo " \"default-src 'none'\","; + echo " \"style-src 'unsafe-inline' 'self'\" + domain,"; + echo " \"script-src 'self' 'unsafe-eval' 'unsafe-inline'\" + domain,"; + echo " \"font-src 'self'\" + domain,"; + echo ''; + echo ' "child-src *",'; + echo ' "frame-src *",'; + echo ''; + echo " \"connect-src 'self' ws: wss:\" + domain,"; + echo ''; + echo ' "img-src * blob:",'; + echo " ].join('; '),"; + echo ''; + echo " httpPort: 
${CRYPTPAD_PORT},"; + echo ''; + echo ' // This is for allowing the cross-domain iframe to function when developing'; + echo " httpSafePort: ${CRYPTPAD_PORT2},"; + echo ''; + echo " websocketPath: '/cryptpad_websocket',"; + echo ''; + echo ' logToStdout: false,'; + echo ''; + echo ' verbose: false,'; + echo ''; + echo ' mainPages: ['; + echo " 'index'"; + echo ' ],'; + echo ''; + echo ' removeDonateButton: true,'; + echo ' allowSubscriptions: false,'; } > "$cryptpad_prefix$CRYPTPAD_DIR/config.js" if [[ "$cryptpad_install_type" == "mesh" ]]; then - echo " myDomain: 'http://P${PEER_ID}.local'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js + echo " myDomain: 'http://P${PEER_ID}.local'," >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js" else CRYPTPAD_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_cryptpad/hostname) - echo " myDomain: 'http://${CRYPTPAD_ONION_HOSTNAME}'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js + echo " myDomain: 'http://${CRYPTPAD_ONION_HOSTNAME}'," >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js" fi - echo ' defaultStorageLimit: 50 * 1024 * 1024,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' customLimits: {' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' },' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' adminEmail: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " storage: './storage/file'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " filePath: './datastore/'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " pinPath: './pins'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " blobPath: './blob'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " blobStagingPath: './blobstage'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' channelExpirationMs: 30000,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - 
echo ' openFileLimit: 1024,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo " rpc: './rpc.js'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' suppressRPCErrors: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' enableUploads: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' //restrictUploads: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' maxUploadSize: 20 * 1024 * 1024,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' //logFeedback: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo ' //logRPC: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js - echo '};' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js + { echo ' defaultStorageLimit: 50 * 1024 * 1024,'; + echo ''; + echo ' customLimits: {'; + echo ' },'; + echo ''; + echo ' adminEmail: false,'; + echo ''; + echo " storage: './storage/file',"; + echo ''; + echo " filePath: './datastore/',"; + echo " pinPath: './pins',"; + echo " blobPath: './blob',"; + echo " blobStagingPath: './blobstage',"; + echo ' channelExpirationMs: 30000,'; + echo ' openFileLimit: 1024,'; + echo " rpc: './rpc.js',"; + echo ' suppressRPCErrors: false,'; + echo ' enableUploads: true,'; + echo ' //restrictUploads: false,'; + echo ' maxUploadSize: 20 * 1024 * 1024,'; + echo ' //logFeedback: true,'; + echo ' //logRPC: true,'; + echo '};'; } >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js" if [[ "$cryptpad_install_type" != "mesh" ]]; then - chown cryptpad:cryptpad $cryptpad_prefix$CRYPTPAD_DIR/config.js + chown cryptpad:cryptpad "$cryptpad_prefix$CRYPTPAD_DIR/config.js" else chroot "$rootdir" chown cryptpad:cryptpad $CRYPTPAD_DIR/config.js fi } function mesh_install_cryptpad { - if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then + # shellcheck disable=SC2153 + if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" ]]; then return fi - if [ ! -d $rootdir/var/www/cryptpad ]; then - mkdir $rootdir/var/www/cryptpad + if [ ! 
-d "$rootdir/var/www/cryptpad" ]; then + mkdir "$rootdir/var/www/cryptpad" fi - if [ -d $rootdir$CRYPTPAD_DIR ]; then - rm -rf $rootdir$CRYPTPAD_DIR + if [ -d "$rootdir$CRYPTPAD_DIR" ]; then + rm -rf "$rootdir$CRYPTPAD_DIR" fi - git_clone $CRYPTPAD_REPO $rootdir$CRYPTPAD_DIR + git_clone "$CRYPTPAD_REPO" "$rootdir$CRYPTPAD_DIR" - if [ ! -d $rootdir$CRYPTPAD_DIR ]; then + if [ ! -d "$rootdir$CRYPTPAD_DIR" ]; then echo $'Unable to clone cryptpad repo' exit 783251 fi 
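Review bot: In cryptpad_create_config the non-mesh branch reads `CRYPTPAD_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_cryptpad/hostname)` without checking the result, so a missing or empty hostname file yields `myDomain: 'http://',` in config.js and the function carries on. A guard before the echo, for example `[ -n "$CRYPTPAD_ONION_HOSTNAME" ] || { echo $'No cryptpad onion hostname' >&2; exit 1; }`, would stop with a clear message; whether to exit or return should follow the callers' convention. The emitted settings also include `"Access-Control-Allow-Origin": "*"` and `"frame-ancestors *"`, and a one-line comment above the group saying why they are this permissive would help the next reader.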
@@ -360,94 +361,94 @@ function mesh_install_cryptpad { # an unprivileged user to run as chroot "$rootdir" useradd -d $CRYPTPAD_DIR/ cryptpad - cd $rootdir$CRYPTPAD_DIR - git checkout $CRYPTPAD_COMMIT -b $CRYPTPAD_COMMIT + cd "$rootdir$CRYPTPAD_DIR" || exit 34683568 + git checkout "$CRYPTPAD_COMMIT" -b "$CRYPTPAD_COMMIT" chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR cryptpad_nginx_site=$rootdir/etc/nginx/sites-available/cryptpad - echo 'server {' > $cryptpad_nginx_site - echo " listen 80 default_server;" >> $cryptpad_nginx_site - echo " server_name P${PEER_ID}.local;" >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' # Logs' >> $cryptpad_nginx_site - echo ' access_log /dev/null;' >> $cryptpad_nginx_site - echo ' error_log /dev/null;' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' # Root' >> $cryptpad_nginx_site - echo " root $CRYPTPAD_DIR;" >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' index index.html;' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' add_header X-XSS-Protection "1; mode=block";' >> $cryptpad_nginx_site - echo ' add_header X-Content-Type-Options nosniff;' >> $cryptpad_nginx_site - echo ' add_header X-Frame-Options SAMEORIGIN;' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' if ($uri = /pad/inner.html) {' >> $cryptpad_nginx_site - echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";" >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location = /cryptpad_websocket {' >> $cryptpad_nginx_site - echo " proxy_pass http://localhost:$CRYPTPAD_PORT;" >> $cryptpad_nginx_site - echo ' proxy_set_header X-Real-IP $remote_addr;' >> $cryptpad_nginx_site - echo ' proxy_set_header Host $host;' >> $cryptpad_nginx_site - echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' # WebSocket support (nginx 1.4)' >> 
$cryptpad_nginx_site - echo ' proxy_http_version 1.1;' >> $cryptpad_nginx_site - echo ' proxy_set_header Upgrade $http_upgrade;' >> $cryptpad_nginx_site - echo ' proxy_set_header Connection upgrade;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site + { echo 'server {'; + echo " listen 80 default_server;"; + echo " server_name P${PEER_ID}.local;"; + echo ''; + echo ' # Logs'; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo ' # Root'; + echo " root $CRYPTPAD_DIR;"; + echo ''; + echo ' index index.html;'; + echo ''; + echo ' add_header X-XSS-Protection "1; mode=block";'; + echo ' add_header X-Content-Type-Options nosniff;'; + echo ' add_header X-Frame-Options SAMEORIGIN;'; + echo ''; + echo " if (\$uri = /pad/inner.html) {"; + echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";"; + echo ' }'; + echo ''; + echo ' location = /cryptpad_websocket {'; + echo " proxy_pass http://localhost:$CRYPTPAD_PORT;"; + echo " proxy_set_header X-Real-IP \$remote_addr;"; + echo " proxy_set_header Host \$host;"; + echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;"; + echo ''; + echo ' # WebSocket support (nginx 1.4)'; + echo ' proxy_http_version 1.1;'; + echo " proxy_set_header Upgrade \$http_upgrade;"; + echo ' proxy_set_header Connection upgrade;'; + echo ' }'; + echo ''; - echo ' location ^~ /customize.dist/ {' >> $cryptpad_nginx_site - echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo ' location ^~ /customize/ {' >> $cryptpad_nginx_site - echo ' rewrite ^/customize/(.*)$ $1 break;' >> $cryptpad_nginx_site - echo ' try_files /customize/$uri /customize.dist/$uri;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo ' location = /api/config {' >> $cryptpad_nginx_site - echo ' default_type text/javascript;' >> $cryptpad_nginx_site - echo ' rewrite 
^.*$ /customize/api/config break;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location ^~ /blob/ {' >> $cryptpad_nginx_site - echo ' try_files $uri =404;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location ^~ /register/ {' >> $cryptpad_nginx_site - echo ' try_files $uri =404;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location ^~ /login/ {' >> $cryptpad_nginx_site - echo ' try_files $uri =404;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location ^~ /about.html {' >> $cryptpad_nginx_site - echo ' try_files $uri =404;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location ^~ /contact.html {' >> $cryptpad_nginx_site - echo ' try_files $uri =404;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location ^~ /what-is-cryptpad.html {' >> $cryptpad_nginx_site - echo ' try_files $uri =404;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site - echo ' rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' try_files /www/$uri /www/$uri/index.html /customize/$uri;' >> $cryptpad_nginx_site - echo '}' >> $cryptpad_nginx_site + echo ' location ^~ /customize.dist/ {'; + echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root'; + echo ' }'; + echo ' location ^~ /customize/ {'; + echo " rewrite ^/customize/(.*)\$ \$1 break;"; + echo " try_files /customize/\$uri /customize.dist/\$uri;"; + echo ' }'; + echo ' location = /api/config {'; + echo ' 
default_type text/javascript;'; + echo ' rewrite ^.*$ /customize/api/config break;'; + echo ' }'; + echo ''; + echo ' location ^~ /blob/ {'; + echo " try_files \$uri =404;"; + echo ' }'; + echo ''; + echo ' location ^~ /register/ {'; + echo " try_files \$uri =404;"; + echo ' }'; + echo ''; + echo ' location ^~ /login/ {'; + echo " try_files \$uri =404;"; + echo ' }'; + echo ''; + echo ' location ^~ /about.html {'; + echo " try_files \$uri =404;"; + echo ' }'; + echo ''; + echo ' location ^~ /contact.html {'; + echo " try_files \$uri =404;"; + echo ' }'; + echo ''; + echo ' location ^~ /what-is-cryptpad.html {'; + echo " try_files \$uri =404;"; + echo ' }'; + echo ''; + echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {'; + echo " rewrite ^(.*)\$ \$1/ redirect;"; + echo ' }'; + echo ''; + echo " try_files /www/\$uri /www/\$uri/index.html /customize/\$uri;"; + echo '}'; } > "$cryptpad_nginx_site" - cd $rootdir$CRYPTPAD_DIR + cd "$rootdir$CRYPTPAD_DIR" || exit 6246824624527 get_npm_arch - cat < $rootdir/usr/bin/install_cryptpad + cat < "$rootdir/usr/bin/install_cryptpad" #!/bin/bash cd $CRYPTPAD_DIR npm install --arch=$NPM_ARCH --build-from-source 
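Review bot: `$scriptSrc` is assigned for /pad/inner.html, but nothing in the emitted server block reads it, so the three `add_header` lines are the only security headers and no Content-Security-Policy is sent. Either emit an `add_header Content-Security-Policy ...;` line whose `script-src` uses `$scriptSrc`, with a stricter default `set` before the `if`, or remove the `if` block so the file does not imply a policy that is not in force. The onion server block written in the `-529,87` hunk has the same gap. The server block is complete within this hunk, though mesh_install_cryptpad starts before it and continues after it.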
@@ -456,37 +457,37 @@ chown -R cryptpad:cryptpad $CRYPTPAD_DIR su -c 'bower install' - cryptpad cp config.example.js config.js EOF - chmod +x $rootdir/usr/bin/install_cryptpad + chmod +x "$rootdir/usr/bin/install_cryptpad" chroot "$rootdir" /usr/bin/install_cryptpad - if [ ! -f $rootdir$CRYPTPAD_DIR/config.js ]; then + if [ ! -f "$rootdir$CRYPTPAD_DIR/config.js" ]; then echo $'Cryptpad config file not found' exit 628252 fi - rm $rootdir/usr/bin/install_cryptpad + rm "$rootdir/usr/bin/install_cryptpad" cryptpad_create_config mesh chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR # daemon - echo '[Unit]' > $rootdir/etc/systemd/system/cryptpad.service - echo 'Description=Cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service - echo 'After=syslog.target' >> $rootdir/etc/systemd/system/cryptpad.service - echo 'After=network.target' >> $rootdir/etc/systemd/system/cryptpad.service - echo '' >> $rootdir/etc/systemd/system/cryptpad.service - echo '[Service]' >> $rootdir/etc/systemd/system/cryptpad.service - echo 'User=cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service - echo 'Group=cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service - echo "WorkingDirectory=$CRYPTPAD_DIR" >> $rootdir/etc/systemd/system/cryptpad.service - echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js" >> $rootdir/etc/systemd/system/cryptpad.service - echo 'Environment=PATH=/usr/bin:/usr/local/bin' >> $rootdir/etc/systemd/system/cryptpad.service - echo 'Environment=NODE_ENV=production' >> $rootdir/etc/systemd/system/cryptpad.service - echo 'Restart=on-failure' >> $rootdir/etc/systemd/system/cryptpad.service - echo '' >> $rootdir/etc/systemd/system/cryptpad.service - echo '[Install]' >> $rootdir/etc/systemd/system/cryptpad.service - echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/cryptpad.service + { echo '[Unit]'; + echo 'Description=Cryptpad'; + echo 'After=syslog.target'; + echo 'After=network.target'; + echo ''; + echo '[Service]'; + echo 
'User=cryptpad'; + echo 'Group=cryptpad'; + echo "WorkingDirectory=$CRYPTPAD_DIR"; + echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js"; + echo 'Environment=PATH=/usr/bin:/usr/local/bin'; + echo 'Environment=NODE_ENV=production'; + echo 'Restart=on-failure'; + echo ''; + echo '[Install]'; + echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/cryptpad.service" chroot "$rootdir" systemctl enable cryptpad.service } @@ -505,7 +506,7 @@ function install_cryptpad_main { if [ -d /repos/cryptpad ]; then mkdir $CRYPTPAD_DIR cp -r -p /repos/cryptpad/. $CRYPTPAD_DIR - cd $CRYPTPAD_DIR + cd $CRYPTPAD_DIR || exit 3468356385 git pull else function_check git_clone @@ -520,7 +521,7 @@ function install_cryptpad_main { # an unprivileged user to run as useradd -d $CRYPTPAD_DIR/ cryptpad - cd $CRYPTPAD_DIR + cd $CRYPTPAD_DIR || exit 34683655 git checkout $CRYPTPAD_COMMIT -b $CRYPTPAD_COMMIT set_completion_param "cryptpad commit" "$CRYPTPAD_COMMIT" 
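Review bot: The generated cryptpad.service drops privileges with `User=cryptpad` and `Group=cryptpad`, but sets no systemd sandboxing for a network-facing Node process. Two directives that should be safe to add to the `[Service]` group are `echo 'NoNewPrivileges=true';` and `echo 'PrivateTmp=true';`. `ProtectSystem=` is worth considering too, but whether it fits depends on where `$CRYPTPAD_DIR` lives, which the hunk does not show. install_cryptpad writes the same unit text in the `-639,22` hunk, and mesh_install_cryptpad begins before this hunk.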
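Review bot: `exit 3468356385` cannot be reported as written, because an exit status is a single byte and the shell keeps only the low 8 bits of the argument. Callers therefore cannot tell these failure points apart by code, and a value that happened to be a multiple of 256 would read as success. Use a value in 1–255 and report the failure on stderr, e.g. `cd "$CRYPTPAD_DIR" || { echo 'cannot cd to cryptpad directory' >&2; exit 1; }`, which also quotes the path the way the mesh hunk does. The same applies to the `cd ... || exit` lines in the `-360`, `-520`, `-623` and `-664` hunks. install_cryptpad_main extends beyond this hunk on both sides.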
@@ -529,87 +530,87 @@ function install_cryptpad_main { CRYPTPAD_ONION_HOSTNAME=$(add_onion_service cryptpad 80 ${CRYPTPAD_ONION_PORT}) cryptpad_nginx_site=/etc/nginx/sites-available/cryptpad - echo 'server {' > $cryptpad_nginx_site - echo " listen 127.0.0.1:$CRYPTPAD_ONION_PORT default_server;" >> $cryptpad_nginx_site - echo " server_name $CRYPTPAD_ONION_HOSTNAME;" >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' # Logs' >> $cryptpad_nginx_site - echo ' access_log /dev/null;' >> $cryptpad_nginx_site - echo ' error_log /dev/null;' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' # Root' >> $cryptpad_nginx_site - echo " root $CRYPTPAD_DIR;" >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' index index.html;' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' if ($args ~ ver=) {' >> $cryptpad_nginx_site - echo ' set $cacheControl max-age=31536000;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo ' add_header Cache-Control $cacheControl;' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' add_header X-XSS-Protection "1; mode=block";' >> $cryptpad_nginx_site - echo ' add_header X-Content-Type-Options nosniff;' >> $cryptpad_nginx_site - echo ' add_header X-Frame-Options SAMEORIGIN;' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' if ($uri = /pad/inner.html) {' >> $cryptpad_nginx_site - echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";" >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location = /cryptpad_websocket {' >> $cryptpad_nginx_site - echo " proxy_pass http://localhost:$CRYPTPAD_PORT;" >> $cryptpad_nginx_site - echo ' proxy_set_header X-Real-IP $remote_addr;' >> $cryptpad_nginx_site - echo ' proxy_set_header Host $host;' >> $cryptpad_nginx_site - echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - 
echo ' # WebSocket support (nginx 1.4)' >> $cryptpad_nginx_site - echo ' proxy_http_version 1.1;' >> $cryptpad_nginx_site - echo ' proxy_set_header Upgrade $http_upgrade;' >> $cryptpad_nginx_site - echo ' proxy_set_header Connection upgrade;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site + { echo 'server {'; + echo " listen 127.0.0.1:$CRYPTPAD_ONION_PORT default_server;"; + echo " server_name $CRYPTPAD_ONION_HOSTNAME;"; + echo ''; + echo ' # Logs'; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo ' # Root'; + echo " root $CRYPTPAD_DIR;"; + echo ''; + echo ' index index.html;'; + echo ''; + echo " if (\$args ~ ver=) {"; + echo " set \$cacheControl max-age=31536000;"; + echo ' }'; + echo " add_header Cache-Control \$cacheControl;"; + echo ''; + echo ' add_header X-XSS-Protection "1; mode=block";'; + echo ' add_header X-Content-Type-Options nosniff;'; + echo ' add_header X-Frame-Options SAMEORIGIN;'; + echo ''; + echo " if (\$uri = /pad/inner.html) {"; + echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";"; + echo ' }'; + echo ''; + echo ' location = /cryptpad_websocket {'; + echo " proxy_pass http://localhost:$CRYPTPAD_PORT;"; + echo " proxy_set_header X-Real-IP \$remote_addr;"; + echo " proxy_set_header Host \$host;"; + echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;"; + echo ''; + echo ' # WebSocket support (nginx 1.4)'; + echo ' proxy_http_version 1.1;'; + echo " proxy_set_header Upgrade \$http_upgrade;"; + echo ' proxy_set_header Connection upgrade;'; + echo ' }'; + echo ''; - echo ' location ^~ /customize.dist/ {' >> $cryptpad_nginx_site - echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo ' location ^~ /customize/ {' >> $cryptpad_nginx_site - echo ' rewrite ^/customize/(.*)$ $1 break;' >> $cryptpad_nginx_site - echo ' try_files 
/customize/$uri /customize.dist/$uri;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo ' location = /api/config {' >> $cryptpad_nginx_site - echo ' default_type text/javascript;' >> $cryptpad_nginx_site - echo ' rewrite ^.*$ /customize/api/config break;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location ^~ /blob/ {' >> $cryptpad_nginx_site - echo ' try_files $uri =404;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location ^~ /register/ {' >> $cryptpad_nginx_site - echo ' try_files $uri =404;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location ^~ /login/ {' >> $cryptpad_nginx_site - echo ' try_files $uri =404;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location ^~ /about.html {' >> $cryptpad_nginx_site - echo ' try_files $uri =404;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location ^~ /contact.html {' >> $cryptpad_nginx_site - echo ' try_files $uri =404;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location ^~ /what-is-cryptpad.html {' >> $cryptpad_nginx_site - echo ' try_files $uri =404;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site - echo ' rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site - echo ' }' >> $cryptpad_nginx_site - echo '' >> $cryptpad_nginx_site - echo ' try_files /www/$uri /www/$uri/index.html /customize/$uri;' >> $cryptpad_nginx_site - echo '}' >> $cryptpad_nginx_site + echo ' location ^~ /customize.dist/ {'; + echo ' # This is needed in order to prevent infinite recursion between /customize/ 
and the root'; + echo ' }'; + echo ' location ^~ /customize/ {'; + echo " rewrite ^/customize/(.*)\$ \$1 break;"; + echo " try_files /customize/\$uri /customize.dist/\$uri;"; + echo ' }'; + echo ' location = /api/config {'; + echo ' default_type text/javascript;'; + echo ' rewrite ^.*$ /customize/api/config break;'; + echo ' }'; + echo ''; + echo ' location ^~ /blob/ {'; + echo " try_files \$uri =404;"; + echo ' }'; + echo ''; + echo ' location ^~ /register/ {'; + echo " try_files \$uri =404;"; + echo ' }'; + echo ''; + echo ' location ^~ /login/ {'; + echo " try_files \$uri =404;"; + echo ' }'; + echo ''; + echo ' location ^~ /about.html {'; + echo " try_files \$uri =404;"; + echo ' }'; + echo ''; + echo ' location ^~ /contact.html {'; + echo " try_files \$uri =404;"; + echo ' }'; + echo ''; + echo ' location ^~ /what-is-cryptpad.html {'; + echo " try_files \$uri =404;"; + echo ' }'; + echo ''; + echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {'; + echo " rewrite ^(.*)\$ \$1/ redirect;"; + echo ' }'; + echo ''; + echo " try_files /www/\$uri /www/\$uri/index.html /customize/\$uri;"; + echo '}'; } > $cryptpad_nginx_site function_check nginx_ensite nginx_ensite cryptpad @@ -623,7 +624,7 @@ function install_cryptpad { install_cryptpad_main - cd $CRYPTPAD_DIR + cd $CRYPTPAD_DIR || exit 35483548 npm install npm install -g bower@1.8.0 
@@ -639,22 +640,22 @@ function install_cryptpad { chown -R cryptpad:cryptpad $CRYPTPAD_DIR # daemon - echo '[Unit]' > /etc/systemd/system/cryptpad.service - echo 'Description=Cryptpad' >> /etc/systemd/system/cryptpad.service - echo 'After=syslog.target' >> /etc/systemd/system/cryptpad.service - echo 'After=network.target' >> /etc/systemd/system/cryptpad.service - echo '' >> /etc/systemd/system/cryptpad.service - echo '[Service]' >> /etc/systemd/system/cryptpad.service - echo 'User=cryptpad' >> /etc/systemd/system/cryptpad.service - echo 'Group=cryptpad' >> /etc/systemd/system/cryptpad.service - echo "WorkingDirectory=$CRYPTPAD_DIR" >> /etc/systemd/system/cryptpad.service - echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js" >> /etc/systemd/system/cryptpad.service - echo 'Environment=PATH=/usr/bin:/usr/local/bin' >> /etc/systemd/system/cryptpad.service - echo 'Environment=NODE_ENV=production' >> /etc/systemd/system/cryptpad.service - echo 'Restart=on-failure' >> /etc/systemd/system/cryptpad.service - echo '' >> /etc/systemd/system/cryptpad.service - echo '[Install]' >> /etc/systemd/system/cryptpad.service - echo 'WantedBy=multi-user.target' >> /etc/systemd/system/cryptpad.service + { echo '[Unit]'; + echo 'Description=Cryptpad'; + echo 'After=syslog.target'; + echo 'After=network.target'; + echo ''; + echo '[Service]'; + echo 'User=cryptpad'; + echo 'Group=cryptpad'; + echo "WorkingDirectory=$CRYPTPAD_DIR"; + echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js"; + echo 'Environment=PATH=/usr/bin:/usr/local/bin'; + echo 'Environment=NODE_ENV=production'; + echo 'Restart=on-failure'; + echo ''; + echo '[Install]'; + echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/cryptpad.service systemctl enable cryptpad.service systemctl daemon-reload systemctl start cryptpad.service 
@@ -664,7 +665,7 @@ function install_cryptpad { cryptpad_generate_api_config # install again - cd $CRYPTPAD_DIR + cd $CRYPTPAD_DIR || exit 73537453 su -c 'bower install' - cryptpad systemctl restart nginx diff --git a/src/freedombone-app-dlna b/src/freedombone-app-dlna index 902b3fde..c3218fd5 100755 --- a/src/freedombone-app-dlna +++ b/src/freedombone-app-dlna @@ -49,24 +49,27 @@ function logging_off_dlna { function configure_interactive_dlna { while true do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --backtitle $"Freedombone Control Panel" \ --title $"Media Menu" \ --radiolist $"Choose an operation:" 13 70 3 \ 1 $"Attach a drive containing playable media" off \ 2 $"Remove a drive containing playable media" off \ - 3 $"Exit" on 2> $data + 3 $"Exit" on 2> "$data" sel=$? case $sel in - 1) break;; - 255) break;; + 1) rm -f "$data" + break;; + 255) rm -f "$data" + break;; esac - case $(cat $data) in + case $(cat "$data") in 1) attach-music;; 2) remove-music;; - 3) break;; + 3) rm -f "$data" + break;; esac + rm -f "$data" done } @@ -84,7 +87,7 @@ function upgrade_dlna { } function configure_firewall_for_dlna { - if [[ $(is_completed $FUNCNAME) == "1" ]]; then + if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then return fi if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then 
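Review bot: With the `trap` removed in configure_interactive_dlna, the `mktemp` file is deleted only on paths that reach an explicit `rm -f "$data"`, so a signal delivered while `dialog` is open leaves it behind. The result of `mktemp 2>/dev/null` is also never checked; if it fails, `data` is empty and the `2> "$data"` redirection fails, so `dialog` never runs. Suggested: `data=$(mktemp) || return 1`, ideally creating the file once before the loop and keeping a signal cleanup handler for it.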
@@ -95,23 +98,23 @@ function configure_firewall_for_dlna { firewall_add DLNA 1900 udp firewall_add DLNA 8200 tcp - echo '' > /etc/avahi/services/dlna.service - echo '' >> /etc/avahi/services/dlna.service - echo '' >> /etc/avahi/services/dlna.service - echo ' %h DLNA' >> /etc/avahi/services/dlna.service - echo ' ' >> /etc/avahi/services/dlna.service - echo ' _dlna._tcp' >> /etc/avahi/services/dlna.service - echo " 8200" >> /etc/avahi/services/dlna.service - echo ' ' >> /etc/avahi/services/dlna.service - echo ' ' >> /etc/avahi/services/dlna.service - echo ' _dlna._udp' >> /etc/avahi/services/dlna.service - echo " 1900" >> /etc/avahi/services/dlna.service - echo ' ' >> /etc/avahi/services/dlna.service - echo '' >> /etc/avahi/services/dlna.service + { echo ''; + echo ''; + echo ''; + echo ' %h DLNA'; + echo ' '; + echo ' _dlna._tcp'; + echo " 8200"; + echo ' '; + echo ' '; + echo ' _dlna._udp'; + echo " 1900"; + echo ' '; + echo ''; } > /etc/avahi/services/dlna.service systemctl restart avahi-daemon - mark_completed $FUNCNAME + mark_completed "${FUNCNAME[0]}" } function backup_local_dlna { @@ -125,7 +128,7 @@ function backup_local_dlna { function restore_local_dlna { if [ -d /var/cache/minidlna ]; then - if [ -d $USB_MOUNT_DLNA/backup/dlna ]; then + if [ -d "$USB_MOUNT_DLNA/backup/dlna" ]; then echo $"Restoring DLNA cache" temp_restore_dir=/root/tempdlna function_check restore_directory_from_usb @@ -135,6 +138,7 @@ function restore_local_dlna { else cp -r $temp_restore_dir/* /var/cache/minidlna/ fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then rm -rf $temp_restore_dir function_check set_user_permissions @@ -156,7 +160,7 @@ function backup_remote_dlna { function restore_remote_dlna { if [ -d /var/cache/minidlna ]; then - if [ -d $SERVER_DIRECTORY/backup/dlna ]; then + if [ -d "$SERVER_DIRECTORY/backup/dlna" ]; then temp_restore_dir=/root/tempdlna function_check restore_directory_from_friend restore_directory_from_friend $temp_restore_dir dlna 
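Review bot: The added `# shellcheck disable=SC2181` silences the warning instead of removing its cause. The `[ ! "$?" = "0" ]` test after `fi` sees only the status of whichever `cp` ran last, and it breaks as soon as any command is inserted in between. Testing the command directly, e.g. `if ! cp -r $temp_restore_dir/* /var/cache/minidlna/; then`, or saving the status in a variable right after each `cp`, needs no suppression. The same directive is added in the `-165` hunk and in the dokuwiki restore hunks (`-153`, `-172`). restore_local_dlna starts before and ends after this hunk.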
@@ -165,6 +169,7 @@ function restore_remote_dlna { else cp -r $temp_restore_dir/* /var/cache/minidlna/ fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then exit 982 fi @@ -201,7 +206,7 @@ function install_dlna_main { exit 55 fi - if [ ! $USB_MOUNT_DLNA ]; then + if [ ! "$USB_MOUNT_DLNA" ]; then USB_MOUNT_DLNA=/mnt/dlna fi if [ ${#USB_MOUNT_DLNA} -eq 0 ]; then @@ -242,7 +247,7 @@ function install_dlna_main { systemctl reload minidlna sed -i 's/fs.inotify.max_user_watches*/fs.inotify.max_user_watches=65536/g' /etc/sysctl.conf - if ! grep -q "max_user_watches" $COMPLETION_FILE; then + if ! grep -q "max_user_watches" "$COMPLETION_FILE"; then echo 'fs.inotify.max_user_watches=65536' >> /etc/sysctl.conf fi /sbin/sysctl -p -q 
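Review bot: The guard `grep -q "max_user_watches" "$COMPLETION_FILE"` appears to read the wrong file, because the line it protects is appended to /etc/sysctl.conf. Unless something else records that string in the completion file, every run appends another `fs.inotify.max_user_watches=65536` line. The `sed` above it ends its pattern with `watches*`, which does not consume an existing `=value`, so an existing entry would become `...=65536=<old value>`. Suggested: `sed -i 's/^fs.inotify.max_user_watches.*/fs.inotify.max_user_watches=65536/' /etc/sysctl.conf` followed by `if ! grep -q "max_user_watches" /etc/sysctl.conf; then`. install_dlna_main extends beyond this hunk on both sides.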
@@ -253,43 +258,43 @@ function install_dlna_main { } function script_for_attaching_usb_drive { - if [[ $(is_completed $FUNCNAME) == "1" ]]; then + if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then return fi - echo '#!/bin/bash' > /usr/bin/attach-music - echo "source /usr/local/bin/${PROJECT_NAME}-vars" >> /usr/bin/attach-music - echo "UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*" >> /usr/bin/attach-music - echo '' >> /usr/bin/attach-music - echo 'for f in $UTILS_FILES' >> /usr/bin/attach-music - echo 'do' >> /usr/bin/attach-music - echo ' source $f' >> /usr/bin/attach-music - echo 'done' >> /usr/bin/attach-music - echo '' >> /usr/bin/attach-music - echo 'USB_DRIVE=/dev/sda1' >> /usr/bin/attach-music - echo 'detect_usb_drive' >> /usr/bin/attach-music - echo '' >> /usr/bin/attach-music - echo 'remove-music' >> /usr/bin/attach-music - echo "if [ ! -d $USB_MOUNT_DLNA ]; then" >> /usr/bin/attach-music - echo " mkdir $USB_MOUNT_DLNA" >> /usr/bin/attach-music - echo 'fi' >> /usr/bin/attach-music - echo -n 'mount $USB_DRIVE ' >> /usr/bin/attach-music - echo "$USB_MOUNT_DLNA" >> /usr/bin/attach-music - echo "chown root:root $USB_MOUNT_DLNA" >> /usr/bin/attach-music - echo "chown -R minidlna:minidlna $USB_MOUNT_DLNA/*" >> /usr/bin/attach-music - echo 'systemctl restart minidlna' >> /usr/bin/attach-music - echo 'minidlnad -R' >> /usr/bin/attach-music - echo 'exit 0' >> /usr/bin/attach-music + { echo '#!/bin/bash'; + echo "source /usr/local/bin/${PROJECT_NAME}-vars"; + echo "UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"; + echo ''; + echo "for f in \$UTILS_FILES"; + echo 'do'; + echo " source \$f"; + echo 'done'; + echo ''; + echo 'USB_DRIVE=/dev/sda1'; + echo 'detect_usb_drive'; + echo ''; + echo 'remove-music'; + echo "if [ ! 
-d $USB_MOUNT_DLNA ]; then"; + echo " mkdir $USB_MOUNT_DLNA"; + echo 'fi'; + echo -n "mount \$USB_DRIVE "; + echo "$USB_MOUNT_DLNA"; + echo "chown root:root $USB_MOUNT_DLNA"; + echo "chown -R minidlna:minidlna $USB_MOUNT_DLNA/*"; + echo 'systemctl restart minidlna'; + echo 'minidlnad -R'; + echo 'exit 0'; } > /usr/bin/attach-music chmod +x /usr/bin/attach-music - echo '#!/bin/bash' > /usr/bin/remove-music - echo "if [ -d $USB_MOUNT_DLNA ]; then" >> /usr/bin/remove-music - echo " umount $USB_MOUNT_DLNA" >> /usr/bin/remove-music - echo " rm -rf $USB_MOUNT_DLNA" >> /usr/bin/remove-music - echo 'fi' >> /usr/bin/remove-music - echo 'exit 0' >> /usr/bin/remove-music + { echo '#!/bin/bash'; + echo "if [ -d $USB_MOUNT_DLNA ]; then"; + echo " umount $USB_MOUNT_DLNA"; + echo " rm -rf $USB_MOUNT_DLNA"; + echo 'fi'; + echo 'exit 0'; } > /usr/bin/remove-music chmod +x /usr/bin/remove-music - mark_completed $FUNCNAME + mark_completed "${FUNCNAME[0]}" } function install_dlna { diff --git a/src/freedombone-app-dokuwiki b/src/freedombone-app-dokuwiki index 3258cf2c..0c47b474 100755 --- a/src/freedombone-app-dokuwiki +++ b/src/freedombone-app-dokuwiki 
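Review bot: The text emitted into /usr/bin/attach-music and /usr/bin/remove-music still carries the mount point unquoted. `$USB_MOUNT_DLNA` is expanded when the helper is generated, so the written lines are `umount <path>`, `rm -rf <path>` and `chown -R minidlna:minidlna <path>/*` with no quotes. A value containing whitespace or glob characters would make these root-run helpers act on other paths. Emit the quotes into the generated text, e.g. `echo "  rm -rf \"$USB_MOUNT_DLNA\"";` and `echo "chown -R minidlna:minidlna \"$USB_MOUNT_DLNA\"/*";`. Since attach-music mounts removable media, adding `-o nosuid,nodev` to the emitted `mount` line is also worth considering.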
@@ -75,18 +75,18 @@ function change_password_dokuwiki { new_user_password="$2" DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain") - if grep -q "$curr_username:" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php; then + if grep -q "$curr_username:" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"; then HASHED_DOKUWIKI_PASSWORD=$(echo -n "$new_user_password" | md5sum | awk -F ' ' '{print $1}') - existing_user=$(cat /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php | grep "$curr_username:" | hean -n 1) + existing_user=$(grep "$curr_username:" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" | hean -n 1) if [[ "$existing_user" == *":admin,"* ]]; then - sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:admin,user,upload|g" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php + sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:admin,user,upload|g" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" else - sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:user,upload|g" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php + sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:user,upload|g" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" fi - cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php - chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php - chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php - ${PROJECT_NAME}-pass -u $curr_username -a dokuwiki -p "$new_user_password" + cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" 
"/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php" + chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php" + chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" + "${PROJECT_NAME}-pass" -u "$curr_username" -a dokuwiki -p "$new_user_password" fi } 
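Review bot: `hean -n 1` is not a command (presumably `head -n 1`), so `existing_user` is always empty, the `*":admin,"*` test never matches, and an administrator who changes their password is rewritten with `user,upload` only. The `grep -q "$curr_username:"` and `sed -i "s|$curr_username:.*|...|g"` patterns are also unanchored, so a password change for `ann` would also match and rewrite the record for `joann` (constructed example). Suggested: `existing_user=$(grep "^$curr_username:" "$file" | head -n 1)` with the same `^` anchor in both `sed` expressions, where `$file` stands for the users.auth.php path. remove_user_dokuwiki in the next hunk has the same unanchored `sed -i "/$remove_username:/d"`. change_password_dokuwiki starts before this hunk.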
@@ -96,21 +96,21 @@ function add_user_dokuwiki { DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain") HASHED_DOKUWIKI_PASSWORD=$(echo -n "$new_user_password" | md5sum | awk -F ' ' '{print $1}') - echo "$new_username:$HASHED_DOKUWIKI_PASSWORD:$new_username:$new_username@$HOSTNAME:user,upload" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php - cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php - chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php - chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php - ${PROJECT_NAME}-pass -u "$new_username" -a dokuwiki -p "$new_user_password" + echo "$new_username:$HASHED_DOKUWIKI_PASSWORD:$new_username:$new_username@$HOSTNAME:user,upload" >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" + cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php" + chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" + chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php" + "${PROJECT_NAME}-pass" -u "$new_username" -a dokuwiki -p "$new_user_password" } function remove_user_dokuwiki { remove_username="$1" read_config_param "DOKUWIKI_DOMAIN_NAME" - if grep -q "$remove_username:" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php; then - sed -i "/$remove_username:/d" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php - sed -i "/$remove_username:/d" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php - ${PROJECT_NAME}-pass -u "$remove_username" --rmapp dokuwiki + if grep -q "$remove_username:" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"; then + sed -i "/$remove_username:/d" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" + sed -i "/$remove_username:/d" 
"/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php" + "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp dokuwiki fi } @@ -120,7 +120,7 @@ function reconfigure_dokuwiki { function upgrade_dokuwiki { function_check set_repo_commit - set_repo_commit /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs "dokuwiki commit" "$DOKUWIKI_COMMIT" $DOKUWIKI_REPO + set_repo_commit "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" "dokuwiki commit" "$DOKUWIKI_COMMIT" $DOKUWIKI_REPO } function backup_local_dokuwiki { @@ -129,18 +129,18 @@ function backup_local_dokuwiki { function_check backup_directory_to_usb # backup the data - source_directory=/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data - if [ -d $source_directory ]; then + source_directory="/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data" + if [ -d "$source_directory" ]; then dest_directory=dokuwikidat - backup_directory_to_usb $source_directory $dest_directory + backup_directory_to_usb "$source_directory" "$dest_directory" fi # backup the users - source_directory=/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl - if [ -d $source_directory ]; then + source_directory="/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl" + if [ -d "$source_directory" ]; then dest_directory=dokuwikiacl - cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/ - backup_directory_to_usb $source_directory $dest_directory + cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/" + backup_directory_to_usb "$source_directory" "$dest_directory" fi } 
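Review bot: `HASHED_DOKUWIKI_PASSWORD` is an unsalted MD5 of the password (`echo -n "$new_user_password" | md5sum`), which is a weak format for stored credentials: identical passwords give identical hashes, and the digest is cheap to brute-force if users.auth.php is ever disclosed. As far as I know DokuWiki can verify salted formats such as bcrypt, so the hash would be better produced with a salted scheme. The plaintext is also passed as `-p "$new_user_password"` on the command line of `${PROJECT_NAME}-pass`, where other local users may see it in the process list while it runs; reading it from stdin would avoid that if the tool supports it. add_user_dokuwiki starts before this hunk, and change_password_dokuwiki in the previous hunk hashes and passes the password the same way.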
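Review bot: Quoting the whole argument in `cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php" ...` stops the shell from expanding `users*.php`, so `cp` looks for a file literally named `users*.php` and the user files are no longer copied into the backup source directory. Keep the glob outside the quotes: `cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/"users*.php "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"`. The restore hunk `-153` has the same regression in both `cp -r` lines (`.../htdocs/data/*` and `"${temp_restore_dir}/*"`), which would send the data restore down its failure branch. backup_local_dokuwiki starts before this hunk.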
@@ -153,11 +153,12 @@ function restore_local_dokuwiki { temp_restore_dir=/root/tempdokuwikidat function_check restore_directory_from_usb restore_directory_from_usb ${temp_restore_dir} dokuwikidat - if [ -d ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data ]; then - cp -r ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data + if [ -d "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data" ]; then + cp -r "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data" else - cp -r ${temp_restore_dir}/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data + cp -r "${temp_restore_dir}/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data" fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then function_check restore_directory_from_usb set_user_permissions 
@@ -172,13 +173,14 @@ function restore_local_dokuwiki { temp_restore_dir=/root/tempdokuwikiacl function_check restore_directory_from_usb restore_directory_from_usb ${temp_restore_dir} dokuwikiacl - if [ -d ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl ]; then - cp ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/ - cp ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/ + if [ -d "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl" ]; then + cp "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/" + cp "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/" else - cp ${temp_restore_dir}/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/ - cp ${temp_restore_dir}/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/ + cp "${temp_restore_dir}/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/" + cp "${temp_restore_dir}/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/" fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then function_check restore_directory_from_usb set_user_permissions 
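Review bot: The `$?` test after the if/else only sees the last `cp` of the branch that ran, so a failure copying users.auth.php into lib/plugins/acl/ goes unnoticed whenever the second copy into conf/ succeeds. Suppressing SC2181 hides the warning that points at this. Chain the two copies in each branch, e.g. `cp "$src" "$acl_dir/" && cp "$src" "$conf_dir/"` (variable names constructed for this note), or test each copy directly with `if ! cp ...; then`. restore_local_dokuwiki starts and ends outside this hunk.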
@@ -189,21 +191,21 @@ function restore_local_dokuwiki { fi rm -rf ${temp_restore_dir} - chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php - chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php - chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data - chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib - chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs + chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" + chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php" + chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data" + chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib" + chown -R www-data:www-data "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" echo $"Restore of Dokuwiki complete" } function backup_remote_dokuwiki { DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain") - if [ -d /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs ]; then + if [ -d "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" ]; then echo $"Backing up dokuwiki" - backup_directory_to_friend /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data dokuwikidat - cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/ - backup_directory_to_friend /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl dokuwikiacl + backup_directory_to_friend "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data" dokuwikidat + cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/" + backup_directory_to_friend "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl" dokuwikiacl fi } 
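Review bot: In restore_local_dokuwiki the `chmod 640` on lib/plugins/acl/users.auth.php is undone two lines later by `chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib"`, which recurses over the same file and leaves the credential copy world-readable and executable. Run the recursive chmod calls first and the two `chmod 640` lines after them. `chmod -R 755` also sets the execute bit on every regular file; `chmod -R u=rwX,go=rX` keeps directories traversable without that. The start of restore_local_dokuwiki is outside this hunk.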
@@ -212,15 +214,16 @@ function restore_remote_dokuwiki { function_check get_completion_param function_check restore_directory_from_friend - if [ -d $SERVER_DIRECTORY/backup/dokuwikidat ]; then + if [ -d "$SERVER_DIRECTORY/backup/dokuwikidat" ]; then echo $"Restoring Dokuwiki data for $DOKUWIKI_DOMAIN_NAME" temp_restore_dir=/root/tempdokuwikidat restore_directory_from_friend $temp_restore_dir dokuwikidat - if [ -d $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data ]; then - cp -r $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/ + if [ -d "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data" ]; then + cp -r "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/" else - cp -r $temp_restore_dir/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/ + cp -r $temp_restore_dir/* "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/" fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then exit 92634 fi 
@@ -229,15 +232,16 @@ function restore_remote_dokuwiki { echo $"Restore of Dokuwiki data complete" fi - if [ -d $SERVER_DIRECTORY/backup/dokuwikiacl ]; then + if [ -d "$SERVER_DIRECTORY/backup/dokuwikiacl" ]; then echo $"Restoring Dokuwiki users for $DOKUWIKI_DOMAIN_NAME" temp_restore_dir=/root/tempdokuwikiacl restore_directory_from_friend $temp_restore_dir dokuwikiacl - if [ -d $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl ]; then - cp -r $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/ + if [ -d "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl" ]; then + cp -r "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/" else - cp -r $temp_restore_dir/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/ + cp -r $temp_restore_dir/* "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/" fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then exit 735287 fi @@ -246,11 +250,11 @@ function restore_remote_dokuwiki { echo $"Restore of Dokuwiki users complete" fi - chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php - chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php - chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/data - chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/lib - chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs + chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" + chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php" + chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/data" + chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/lib" + chown -R www-data:www-data "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" } function remove_dokuwiki { 
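Review bot: At the end of restore_remote_dokuwiki (the `@@ -246` hunk) `chmod -R 755` is applied to `htdocs/data/data` and `htdocs/data/lib`, while restore_local_dokuwiki uses `htdocs/data` and `htdocs/lib` for the same step; the doubled `data/` looks like a path slip that the quoting pass carried over. If those directories do not exist the two chmod calls fail and the restored tree keeps whatever modes came out of the backup. Assuming the local variant is the intended one, the lines would be `chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"` and `chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib"`, placed before the `chmod 640` lines so they do not loosen users.auth.php.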
@@ -259,13 +263,13 @@ function remove_dokuwiki { fi function_check remove_onion_service remove_onion_service dokuwiki ${DOKUWIKI_ONION_PORT} - nginx_dissite $DOKUWIKI_DOMAIN_NAME - remove_certs $DOKUWIKI_DOMAIN_NAME - if [ -f /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME ]; then - rm /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME + nginx_dissite "$DOKUWIKI_DOMAIN_NAME" + remove_certs "$DOKUWIKI_DOMAIN_NAME" + if [ -f "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME" ]; then + rm "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME" fi - if [ ! -d /var/www/$DOKUWIKI_DOMAIN_NAME ]; then - rm -rf /var/www/$DOKUWIKI_DOMAIN_NAME + if [ ! -d "/var/www/$DOKUWIKI_DOMAIN_NAME" ]; then + rm -rf "/var/www/$DOKUWIKI_DOMAIN_NAME" fi if [ -d /var/lib/dokuwiki ]; then rm -rf /var/lib/dokuwiki @@ -278,14 +282,14 @@ function remove_dokuwiki { fi remove_completion_param "install_dokuwiki" remove_completion_param "dokuwiki domain" - sed -i '/dokuwiki/d' $COMPLETION_FILE + sed -i '/dokuwiki/d' "$COMPLETION_FILE" function_check remove_ddns_domain - remove_ddns_domain $DOKUWIKI_DOMAIN_NAME + remove_ddns_domain "$DOKUWIKI_DOMAIN_NAME" } function install_dokuwiki { - if [ ! $DOKUWIKI_DOMAIN_NAME ]; then + if [ ! "$DOKUWIKI_DOMAIN_NAME" ]; then return fi 
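Review bot: The test guarding the site directory removal in remove_dokuwiki is inverted: `if [ ! -d "/var/www/$DOKUWIKI_DOMAIN_NAME" ]` runs `rm -rf` only when the directory is absent, so the wiki tree, including users.auth.php, stays on disk after the app is removed. Drop the `!`, and because the path is built from a variable, guard against it being empty with `rm -rf "/var/www/${DOKUWIKI_DOMAIN_NAME:?}"`. The function begins outside this hunk, so an earlier check on the variable may already exist there.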
@@ -293,25 +297,25 @@ function install_dokuwiki { apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl apt-get -yq install php-memcached memcached - if [ ! -d /var/www/$DOKUWIKI_DOMAIN_NAME ]; then - mkdir /var/www/$DOKUWIKI_DOMAIN_NAME + if [ ! -d "/var/www/$DOKUWIKI_DOMAIN_NAME" ]; then + mkdir "/var/www/$DOKUWIKI_DOMAIN_NAME" fi - if [ ! -f /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/install.php ]; then - cd /var/www/$DOKUWIKI_DOMAIN_NAME + if [ ! -f "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/install.php" ]; then + cd "/var/www/$DOKUWIKI_DOMAIN_NAME" || exit 23468246824 if [ -d /repos/dokuwiki ]; then - mkdir /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs - cp -r -p /repos/dokuwiki/. /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs - cd /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs + mkdir "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" + cp -r -p /repos/dokuwiki/. "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" + cd "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" || exit 24687462 git pull else function_check git_clone - git_clone $DOKUWIKI_REPO /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs + git_clone "$DOKUWIKI_REPO" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" fi - cd /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs - git checkout $DOKUWIKI_COMMIT -b $DOKUWIKI_COMMIT + cd "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" || exit 38368832 + git checkout "$DOKUWIKI_COMMIT" -b "$DOKUWIKI_COMMIT" set_completion_param "dokuwiki commit" "$DOKUWIKI_COMMIT" fi 
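Review bot: The `|| exit` codes added after each `cd` (23468246824, 24687462, 38368832) cannot be told apart by a caller, because an exit status is a single byte; bash reduces 23468246824 to 40, for example. If the numbers are meant as searchable failure markers, print them instead, e.g. `cd "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" || { echo "install_dokuwiki: cd failed (38368832)" >&2; exit 1; }`. The `git pull` and `git checkout` that follow are not checked, so a failed checkout of `$DOKUWIKI_COMMIT` would still be recorded through set_completion_param. install_dokuwiki continues past both ends of this hunk.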
@@ -322,40 +326,40 @@ function install_dokuwiki { echo $'Removed Apache installation after Dokuwiki install' fi - echo ' /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php - echo "\$conf['title'] = '${DOKUWIKI_TITLE}';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php - echo "\$conf['lang'] = 'en';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php - echo "\$conf['license'] = 'cc-by-sa';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php - echo "\$conf['useacl'] = 1;" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php - echo "\$conf['superuser'] = '@admin';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php - echo "\$conf['disableactions'] = 'register';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php - ln -s /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/local.php + { echo ' "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php" + ln -s "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/local.php" - chmod 600 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php - chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs - chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib - chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data + chmod 600 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php" + chown -R www-data:www-data "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" + chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib" + chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data" - if [ -f $IMAGE_PASSWORD_FILE ]; then - DOKUWIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + if [ -f "$IMAGE_PASSWORD_FILE" ]; then + DOKUWIKI_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")" else - if [ ! $DOKUWIKI_ADMIN_PASSWORD ]; then - DOKUWIKI_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + if [ ! 
"$DOKUWIKI_ADMIN_PASSWORD" ]; then + DOKUWIKI_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")" fi fi HASHED_DOKUWIKI_PASSWORD=$(echo -n "$DOKUWIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}') - echo -n "$MY_USERNAME:$HASHED_DOKUWIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php - cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php - chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php + echo -n "$MY_USERNAME:$HASHED_DOKUWIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" + cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php" + chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" - if ! grep -q "video/ogg" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then - echo 'ogv video/ogg' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf + if ! grep -q "video/ogg" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"; then + echo 'ogv video/ogg' >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf" fi - if ! grep -q "video/mp4" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then - echo 'mp4 video/mp4' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf + if ! grep -q "video/mp4" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"; then + echo 'mp4 video/mp4' >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf" fi - if ! grep -q "video/webm" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then - echo 'webm video/webm' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf + if ! 
grep -q "video/webm" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"; then + echo 'webm video/webm' >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf" fi DOKUWIKI_ONION_HOSTNAME=$(add_onion_service dokuwiki 80 ${DOKUWIKI_ONION_PORT}) 
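Review bot: The admin credential written to users.auth.php is a bare `md5sum` of the password, with no salt and no work factor, so anyone who obtains the file or a backup of it can test guesses at very high speed. The same construction is used in add_user_dokuwiki (the `@@ -96` hunk). DokuWiki accepts salted formats in this file; generate one of those instead, for instance its salted-MD5 or bcrypt form, and set `$conf['passcrypt']` to match in the local.php block written above. install_dokuwiki also copies the file to conf/users.auth.php without the `chmod 640` that add_user_dokuwiki applies to both copies. The function continues outside this hunk.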
@@ -363,178 +367,178 @@ function install_dokuwiki { if [[ $ONION_ONLY == "no" ]]; then function_check nginx_http_redirect - nginx_http_redirect $DOKUWIKI_DOMAIN_NAME - echo 'server {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " server_name $DOKUWIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " error_log /dev/null;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' charset utf-8;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME + nginx_http_redirect "$DOKUWIKI_DOMAIN_NAME" + { echo 'server {'; + echo ' listen 443 ssl;'; + echo ' #listen [::]:443 ssl;'; + echo " root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;"; + echo " server_name $DOKUWIKI_DOMAIN_NAME;"; + echo ' access_log /dev/null;'; + echo " error_log /dev/null;"; + echo ' index index.php;'; + echo ' charset utf-8;'; + echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME" function_check nginx_ssl - nginx_ssl $DOKUWIKI_DOMAIN_NAME + nginx_ssl "$DOKUWIKI_DOMAIN_NAME" function_check nginx_disable_sniffing - nginx_disable_sniffing $DOKUWIKI_DOMAIN_NAME - echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location / {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME + 
nginx_disable_sniffing "$DOKUWIKI_DOMAIN_NAME" + { echo ' add_header Strict-Transport-Security "max-age=0;";'; + echo ''; + echo ' # rewrite to front controller as default rule'; + echo ' location / {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME" function_check nginx_limits - nginx_limits $DOKUWIKI_DOMAIN_NAME - echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' expires 30d;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # block these file types' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # or a unix socket' >> 
/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME + nginx_limits "$DOKUWIKI_DOMAIN_NAME" + { echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;"; + echo ' }'; + echo ''; + echo ' # statically serve these file types when possible'; + echo ' # otherwise fall back to front controller'; + echo ' # allow browser to cache them'; + echo ' # added .htm for advanced source code editor library'; + echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {'; + echo ' expires 30d;'; + echo " try_files \$uri /index.php?q=\$uri&\$args;"; + echo ' }'; + echo ''; + echo ' # block these file types'; + echo ' location ~* \.(tpl|md|tgz|log|out)$ {'; + echo ' deny all;'; + echo ' }'; + echo ''; + echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000'; + echo ' # or a unix socket'; + echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME" function_check nginx_limits - nginx_limits $DOKUWIKI_DOMAIN_NAME - echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " # another machine. And then cross your fingers that you won't get hacked." 
>> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # With php-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location ~ /\. 
{' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' #deny access to store' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location ~ /store {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '}' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME + nginx_limits "$DOKUWIKI_DOMAIN_NAME" + { echo ' # Zero-day exploit defense.'; + echo ' # http://forum.nginx.org/read.php?2,88845,page=3'; + echo " # Won't work properly (404 error) if the file is not stored on this"; + echo " # server, which is entirely possible with php-fpm/php-fcgi."; + echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on"; + echo " # another machine. 
And then cross your fingers that you won't get hacked."; + echo " try_files \$uri \$uri/ /index.php;"; + echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini'; + echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;'; + echo ' # With php-cgi alone:'; + echo ' # fastcgi_pass 127.0.0.1:9000;'; + echo ' # With php-fpm:'; + echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; + echo ' fastcgi_read_timeout 30;'; + echo ' include fastcgi_params;'; + echo ' fastcgi_index index.php;'; + echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;"; + echo ' }'; + echo ''; + echo ' # deny access to all dot files'; + echo ' location ~ /\. {'; + echo ' deny all;'; + echo ' }'; + echo ''; + echo ' #deny access to store'; + echo ' location ~ /store {'; + echo ' deny all;'; + echo ' }'; + echo ' location ~ /(data|conf|bin|inc)/ {'; + echo ' deny all;'; + echo ' }'; + echo ' location ~ /\.ht {'; + echo ' deny all;'; + echo ' }'; + echo '}'; + echo ''; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME" else - echo -n '' > /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME + echo -n '' > "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME" fi - echo 'server {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " listen 127.0.0.1:${DOKUWIKI_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " server_name $DOKUWIKI_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " error_log /dev/null;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' charset utf-8;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME + { echo 'server {'; + 
echo " listen 127.0.0.1:${DOKUWIKI_ONION_PORT} default_server;"; + echo " root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;"; + echo " server_name $DOKUWIKI_ONION_HOSTNAME;"; + echo ' access_log /dev/null;'; + echo " error_log /dev/null;"; + echo ' index index.php;'; + echo ' charset utf-8;'; + echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME" function_check nginx_disable_sniffing - nginx_disable_sniffing $DOKUWIKI_DOMAIN_NAME - echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location / {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME + nginx_disable_sniffing "$DOKUWIKI_DOMAIN_NAME" + { echo ' add_header Strict-Transport-Security "max-age=0;";'; + echo ''; + echo ' # rewrite to front controller as default rule'; + echo ' location / {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME" function_check nginx_limits - nginx_limits $DOKUWIKI_DOMAIN_NAME - echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' expires 30d;' >> 
/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # block these file types' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # or a unix socket' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME + nginx_limits "$DOKUWIKI_DOMAIN_NAME" + { echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;"; + echo ' }'; + echo ''; + echo ' # statically serve these file types when possible'; + echo ' # otherwise fall back to front controller'; + echo ' # allow browser to cache them'; + echo ' # added .htm for advanced source code editor library'; + echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {'; + echo ' expires 30d;'; + echo " try_files \$uri /index.php?q=\$uri&\$args;"; + echo ' }'; + echo ''; + echo ' # block these file types'; + echo ' location ~* \.(tpl|md|tgz|log|out)$ {'; + echo ' deny all;'; + echo ' }'; + echo ''; + echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000'; + echo ' # or a unix socket'; + echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME" function_check nginx_limits - nginx_limits $DOKUWIKI_DOMAIN_NAME - echo ' # Zero-day exploit defense.' 
>> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # With php-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location ~ /\. 
{' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' #deny access to store' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location ~ /store {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME - echo '}' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME + nginx_limits "$DOKUWIKI_DOMAIN_NAME" + { echo ' # Zero-day exploit defense.'; + echo ' # http://forum.nginx.org/read.php?2,88845,page=3'; + echo " # Won't work properly (404 error) if the file is not stored on this"; + echo " # server, which is entirely possible with php-fpm/php-fcgi."; + echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on"; + echo " # another machine. 
And then cross your fingers that you won't get hacked."; + echo " try_files \$uri \$uri/ /index.php;"; + echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini'; + echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;'; + echo ' # With php-cgi alone:'; + echo ' # fastcgi_pass 127.0.0.1:9000;'; + echo ' # With php-fpm:'; + echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; + echo ' fastcgi_read_timeout 30;'; + echo ' include fastcgi_params;'; + echo ' fastcgi_index index.php;'; + echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;"; + echo ' }'; + echo ''; + echo ' # deny access to all dot files'; + echo ' location ~ /\. {'; + echo ' deny all;'; + echo ' }'; + echo ''; + echo ' #deny access to store'; + echo ' location ~ /store {'; + echo ' deny all;'; + echo ' }'; + echo ' location ~ /(data|conf|bin|inc)/ {'; + echo ' deny all;'; + echo ' }'; + echo ' location ~ /\.ht {'; + echo ' deny all;'; + echo ' }'; + echo '}'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME" function_check create_site_certificate - create_site_certificate $DOKUWIKI_DOMAIN_NAME 'yes' + create_site_certificate "$DOKUWIKI_DOMAIN_NAME" 'yes' function_check configure_php configure_php - nginx_ensite $DOKUWIKI_DOMAIN_NAME + nginx_ensite "$DOKUWIKI_DOMAIN_NAME" systemctl restart php7.0-fpm systemctl restart nginx function_check add_ddns_domain - add_ddns_domain $DOKUWIKI_DOMAIN_NAME + add_ddns_domain "$DOKUWIKI_DOMAIN_NAME" - ${PROJECT_NAME}-pass -u $MY_USERNAME -a dokuwiki -p "$DOKUWIKI_ADMIN_PASSWORD" + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a dokuwiki -p "$DOKUWIKI_ADMIN_PASSWORD" APP_INSTALLED=1 } diff --git a/src/freedombone-app-edith b/src/freedombone-app-edith index 89b4e829..7abd6cbb 100755 --- a/src/freedombone-app-edith +++ b/src/freedombone-app-edith 
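Review bot: Neither server block written here denies requests for `/lib/plugins/acl/users.auth.php`, the path where this script keeps a copy of the user and password-hash list; the deny rule covers only `/(data|conf|bin|inc)/`, and the `\.php$` location would hand the file to PHP-FPM. An exact-match location takes precedence over the regex ones, so adding `echo '    location = /lib/plugins/acl/users.auth.php { deny all; }';` to both blocks closes that, though not keeping a second copy under lib/ would be cleaner. Separately, `add_header Strict-Transport-Security "max-age=0;";` in the port 443 block tells browsers to drop any HSTS entry for the domain, and `error_log /dev/null` leaves nothing to investigate with after an incident; both deserve a comment stating that they are intentional.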
@@ -50,12 +50,12 @@ edith_variables=(MY_USERNAME function remove_bad_links_edith { read_config_param EDITH_DOMAIN_NAME - edith_dir=/var/www/$EDITH_DOMAIN_NAME/htdocs + edith_dir="/var/www/$EDITH_DOMAIN_NAME/htdocs" # copy jquery locally jquery_version='1.12.4' if [ ! -f $edith_dir/jquery-${jquery_version}.js ]; then - cd $edith_dir + cd $edith_dir || exit 246824628 wget https://code.jquery.com/jquery-${jquery_version}.js if [ -f $edith_dir/jquery-${jquery_version}.js ]; then jquery_hash=$(sha256sum $edith_dir/jquery-${jquery_version}.js | awk -F ' ' '{print $1}') @@ -79,9 +79,9 @@ function change_password_edith { new_user_password="$2" sed -i "/${curr_username}:/d" /etc/nginx/.edithpasswd - echo -n "$new_user_password" | htpasswd -i -s -c /etc/nginx/.edithpasswd ${curr_username} + echo -n "$new_user_password" | htpasswd -i -s -c /etc/nginx/.edithpasswd "${curr_username}" - ${PROJECT_NAME}-pass -u $MY_USERNAME -a ${curr_username} -p "$new_user_password" + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a "${curr_username}" -p "$new_user_password" } function logging_on_edith { 
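Review bot: The added `cd $edith_dir || exit 246824628` leaves `$edith_dir` unquoted, although the assignment above it now builds the path from `$EDITH_DOMAIN_NAME` inside quotes; the `[ ! -f $edith_dir/jquery-${jquery_version}.js ]` test and the `sha256sum` call have the same gap. The exit value is also larger than a shell exit status can carry: bash keeps only the low 8 bits, so callers cannot tell this failure from the other `cd … || exit <number>` guards added in `edith_browse` and `install_edith`. I would write `cd "$edith_dir" || exit 1` (or another code below 256 that the project reserves) and print the reason to stderr first. The function continues past the end of the hunk, so the hash comparison after the download is not visible here.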
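Review bot: `htpasswd -i -s -c /etc/nginx/.edithpasswd "${curr_username}"` still stores the password as unsalted SHA-1 (`-s`) and recreates the file from scratch (`-c`), so a password change drops every other entry and makes the `sed -i "/${curr_username}:/d"` line above it redundant. nginx's auth_basic documentation advises against the plain SHA scheme; `-m` (apr1) is a salted format nginx reads, and `-c` belongs only where the file does not exist yet, e.g. `printf '%s' "$new_user_password" | htpasswd -i -m /etc/nginx/.edithpasswd "${curr_username}"`. The same `-s -c` call is in the `@@ -417` hunk of `install_edith`. The password is also handed to `${PROJECT_NAME}-pass` with `-p` on the command line, where it is visible in the process list while the command runs; whether that tool can take it another way is not visible here. The start of `change_password_edith` is outside the hunk.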
@@ -102,21 +102,20 @@ function edith_enable_login { dialog --title $"Enable Edith login" \ --backtitle $"Freedombone Control Panel" \ --defaultno \ - --yesno $"\nDo you want to add a login so that random web users can't access your notes?" 10 60 + --yesno $"\\nDo you want to add a login so that random web users can't access your notes?" 10 60 sel=$? case $sel in - 0) if grep -q '#auth_basic' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME; then - sed -i 's|#auth_basic|auth_basic|g' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME + 0) if grep -q '#auth_basic' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"; then + sed -i 's|#auth_basic|auth_basic|g' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME" systemctl restart nginx fi - read_config_param $MY_USERNAME - EDITH_PASSWORD=$(${PROJECT_NAME}-pass -u $MY_USERNAME -a edith) + read_config_param "$MY_USERNAME" + EDITH_PASSWORD=$("${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a edith) dialog --title $"Enable Edith login" \ --msgbox $"Edith logins are now enabled with the password $EDITH_PASSWORD" 6 65 - EDITH__PASSWORD= ;; - 1) if ! grep -q '#auth_basic' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME; then - sed -i 's|auth_basic|#auth_basic|g' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME + 1) if ! grep -q '#auth_basic' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"; then + sed -i 's|auth_basic|#auth_basic|g' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME" systemctl restart nginx fi dialog --title $"Disable Edith login" \ 
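Review bot: Removing the misspelt `EDITH__PASSWORD=` drops the only attempt to clear the secret, so the plaintext password fetched for the dialog stays in the global `EDITH_PASSWORD` for the rest of the control-panel session; the intended line was presumably `EDITH_PASSWORD=` right after the `dialog --msgbox` call. Separately, `read_config_param "$MY_USERNAME"` passes the value of the variable, whereas the other calls in this file pass a parameter name (`read_config_param EDITH_DOMAIN_NAME`), so this likely should be `read_config_param MY_USERNAME`; the helper is defined outside this diff, so confirm against it. The function starts and ends outside the hunk.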
@@ -127,31 +126,34 @@ function edith_enable_login { function edith_browse { read_config_param EDITH_DOMAIN_NAME - cd /var/www/$EDITH_DOMAIN_NAME/htdocs/data - editor /var/www/$EDITH_DOMAIN_NAME/htdocs/data + cd "/var/www/$EDITH_DOMAIN_NAME/htdocs/data" || exit 24682642 + editor "/var/www/$EDITH_DOMAIN_NAME/htdocs/data" } function configure_interactive_edith { while true do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --backtitle $"Freedombone Control Panel" \ --title $"Edith" \ --radiolist $"Choose an operation:" 10 50 3 \ 1 $"Enable login" off \ 2 $"Browse notes" off \ - 3 $"Exit" on 2> $data + 3 $"Exit" on 2> "$data" sel=$? case $sel in - 1) break;; - 255) break;; + 1) rm -f "$data" + break;; + 255) rm -f "$data" + break;; esac - case $(cat $data) in + case $(cat "$data") in 1) edith_enable_login;; 2) edith_browse;; - 3) break;; + 3) rm -f "$data" + break;; esac + rm -f "$data" done } 
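Review bot: `data=$(mktemp 2>/dev/null)` is never checked, so when mktemp fails `$data` is empty, the `2> "$data"` redirect fails and the menu closes without any message. With the `trap` removed, the temporary file holding the menu choice is also left behind if the script is interrupted while `dialog` is open. I would use `data=$(mktemp) || return 1` and do the cleanup once, reading the selection into a variable straight after the dialog (`choice=$(cat "$data"); rm -f "$data"`) instead of repeating `rm -f "$data"` in each `break` arm.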
@@ -165,24 +167,24 @@ function upgrade_edith { # update to the next commit function_check set_repo_commit - set_repo_commit /var/www/$EDITH_DOMAIN_NAME/htdocs "edith commit" "$EDITH_COMMIT" $EDITH_REPO + set_repo_commit "/var/www/$EDITH_DOMAIN_NAME/htdocs" "edith commit" "$EDITH_COMMIT" "$EDITH_REPO" remove_bad_links_edith - chown -R www-data:www-data /var/www/$EDITH_DOMAIN_NAME/htdocs - chmod a+w /var/www/$EDITH_DOMAIN_NAME/htdocs/data + chown -R www-data:www-data "/var/www/$EDITH_DOMAIN_NAME/htdocs" + chmod a+w "/var/www/$EDITH_DOMAIN_NAME/htdocs/data" } function backup_local_edith { read_config_param EDITH_DOMAIN_NAME function_check suspend_site - suspend_site ${EDITH_DOMAIN_NAME} + suspend_site "${EDITH_DOMAIN_NAME}" - source_directory=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data + source_directory="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data" function_check backup_directory_to_usb dest_directory=edith - backup_directory_to_usb $source_directory $dest_directory + backup_directory_to_usb "$source_directory" "$dest_directory" function_check restart_site restart_site @@ -192,12 +194,12 @@ function restore_local_edith { read_config_param EDITH_DOMAIN_NAME temp_restore_dir=/root/tempedith - edith_dir=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data + edith_dir="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data" function_check restore_directory_from_usb restore_directory_from_usb $temp_restore_dir edith if [ -d $temp_restore_dir ]; then - if [ -d cp $temp_restore_dir$edith_dir ]; then + if [ -d $temp_restore_dir$edith_dir ]; then cp -rp $temp_restore_dir$edith_dir $edith_dir/ else if [ ! -d $edith_dir ]; then 
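Review bot: `chmod a+w "/var/www/$EDITH_DOMAIN_NAME/htdocs/data"` makes the notes directory writable by every local account, directly after `chown -R www-data:www-data` has already given the web server ownership of it. If only the PHP process needs to write there, `chmod u+w` (or an explicit mode such as `chmod 750`) on that path is enough. The same pair of lines is repeated in the `@@ -445` hunk of `install_edith`.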
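Review bot: Fixing `[ -d cp $temp_restore_dir$edith_dir ]` makes the first branch reachable for what looks like the first time, and the copy in it, `cp -rp $temp_restore_dir$edith_dir $edith_dir/`, places the restored `data` directory inside `$edith_dir` when that already exists (giving `…/htdocs/data/data`) rather than over it. Copying the contents, `cp -rp "$temp_restore_dir$edith_dir/." "$edith_dir/"`, restores into place and also quotes the paths, which now contain `${EDITH_DOMAIN_NAME}`. `restore_remote_edith` in the `@@ -231` hunk has the identical lines. Both functions continue past their hunks, so the else branch is only partly visible.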
@@ -215,13 +217,13 @@ function backup_remote_edith { read_config_param EDITH_DOMAIN_NAME function_check suspend_site - suspend_site ${EDITH_DOMAIN_NAME} + suspend_site "${EDITH_DOMAIN_NAME}" - source_directory=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data + source_directory="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data" function_check backup_directory_to_friend dest_directory=edith - backup_directory_to_friend $source_directory $dest_directory + backup_directory_to_friend "$source_directory" "$dest_directory" function_check restart_site restart_site @@ -231,12 +233,12 @@ function restore_remote_edith { read_config_param EDITH_DOMAIN_NAME temp_restore_dir=/root/tempedith - edith_dir=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data + edith_dir="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data" function_check restore_directory_from_friend restore_directory_from_friend $temp_restore_dir edith if [ -d $temp_restore_dir ]; then - if [ -d cp $temp_restore_dir$edith_dir ]; then + if [ -d $temp_restore_dir$edith_dir ]; then cp -rp $temp_restore_dir$edith_dir $edith_dir/ else if [ ! -d $edith_dir ]; then @@ -253,17 +255,17 @@ function restore_remote_edith { function remove_edith { nginx_dissite $EDITH_DOMAIN_NAME - if [ -f /etc/nginx/sites-available/$EDITH_DOMAIN_NAME ]; then - rm /etc/nginx/sites-available/$EDITH_DOMAIN_NAME + if [ -f "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME" ]; then + rm "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME" fi - if [ -d /var/www/$EDITH_DOMAIN_NAME ]; then - rm -rf /var/www/$EDITH_DOMAIN_NAME + if [ -d "/var/www/$EDITH_DOMAIN_NAME" ]; then + rm -rf "/var/www/$EDITH_DOMAIN_NAME" fi function_check remove_onion_service remove_onion_service edith ${EDITH_ONION_PORT} - sed -i '/edith/d' $COMPLETION_FILE + sed -i '/edith/d' "$COMPLETION_FILE" if [ -f /etc/nginx/.edithpasswd ]; then rm /etc/nginx/.edithpasswd 
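Review bot: `rm -rf "/var/www/$EDITH_DOMAIN_NAME"` in `remove_edith` has no guard against an empty `EDITH_DOMAIN_NAME`, and unlike the backup and restore functions this one does not call `read_config_param EDITH_DOMAIN_NAME` first. With the variable unset, the `-d` test is true for `/var/www/` itself and the removal takes every site with it. `rm -rf "/var/www/${EDITH_DOMAIN_NAME:?}"` aborts instead. `nginx_dissite $EDITH_DOMAIN_NAME` and `remove_onion_service edith ${EDITH_ONION_PORT}` in the same hunk were left unquoted.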
@@ -286,26 +288,26 @@ function install_edith { function_check install_nodejs install_nodejs edith - if [ ! ${EDITH_PASSWORD} ]; then - if [ -f ${IMAGE_PASSWORD_FILE} ]; then - EDITH_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + if [ ! "${EDITH_PASSWORD}" ]; then + if [ -f "${IMAGE_PASSWORD_FILE}" ]; then + EDITH_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")" else - EDITH_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + EDITH_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")" fi fi - if [ -d /var/www/$EDITH_DOMAIN_NAME/htdocs ]; then - rm -rf /var/www/$EDITH_DOMAIN_NAME/htdocs + if [ -d "/var/www/$EDITH_DOMAIN_NAME/htdocs" ]; then + rm -rf "/var/www/$EDITH_DOMAIN_NAME/htdocs" fi if [ -d /repos/edith ]; then - mkdir /var/www/$EDITH_DOMAIN_NAME/htdocs - cp -r -p /repos/edith/. /var/www/$EDITH_DOMAIN_NAME/htdocs - cd /var/www/$EDITH_DOMAIN_NAME/htdocs + mkdir "/var/www/$EDITH_DOMAIN_NAME/htdocs" + cp -r -p /repos/edith/. "/var/www/$EDITH_DOMAIN_NAME/htdocs" + cd "/var/www/$EDITH_DOMAIN_NAME/htdocs" || exit 24682462 git pull else function_check git_clone - git_clone $EDITH_REPO /var/www/$EDITH_DOMAIN_NAME/htdocs + git_clone "$EDITH_REPO" "/var/www/$EDITH_DOMAIN_NAME/htdocs" fi if [ ! -d /var/www/$EDITH_DOMAIN_NAME/htdocs ]; then 
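Review bot: `EDITH_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"` wraps one command substitution in a second that adds nothing; `EDITH_PASSWORD="$(cat "$IMAGE_PASSWORD_FILE")"` yields the same value. The line deserves a comment saying that the old form used the file contents as the printf format string, so a password containing `%` or a backslash is now read literally where before it was interpreted. The last context line, `if [ ! -d /var/www/$EDITH_DOMAIN_NAME/htdocs ]`, is the one path test in this hunk that was not quoted.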
@@ -313,102 +315,102 @@ function install_edith { exit 537593569 fi - cd /var/www/$EDITH_DOMAIN_NAME/htdocs - git checkout $EDITH_COMMIT -b $EDITH_COMMIT + cd "/var/www/$EDITH_DOMAIN_NAME/htdocs" || exit 2648248 + git checkout "$EDITH_COMMIT" -b "$EDITH_COMMIT" set_completion_param "edith commit" "$EDITH_COMMIT" - if [ ! -d /var/www/$EDITH_DOMAIN_NAME/htdocs/data ]; then - mkdir -p /var/www/$EDITH_DOMAIN_NAME/htdocs/data + if [ ! -d "/var/www/$EDITH_DOMAIN_NAME/htdocs/data" ]; then + mkdir -p "/var/www/$EDITH_DOMAIN_NAME/htdocs/data" fi EDITH_ONION_HOSTNAME=$(add_onion_service edith 80 ${EDITH_ONION_PORT}) - edith_nginx_site=/etc/nginx/sites-available/$EDITH_DOMAIN_NAME - if [[ $ONION_ONLY == "no" ]]; then + edith_nginx_site="/etc/nginx/sites-available/$EDITH_DOMAIN_NAME" + if [[ "$ONION_ONLY" == "no" ]]; then function_check nginx_http_redirect - nginx_http_redirect $EDITH_DOMAIN_NAME "index index.php" - echo 'server {' >> $edith_nginx_site - echo ' listen 443 ssl;' >> $edith_nginx_site - echo ' #listen [::]:443 ssl;' >> $edith_nginx_site - echo " server_name $EDITH_DOMAIN_NAME;" >> $edith_nginx_site - echo '' >> $edith_nginx_site + nginx_http_redirect "$EDITH_DOMAIN_NAME" "index index.php" + { echo 'server {'; + echo ' listen 443 ssl;'; + echo ' #listen [::]:443 ssl;'; + echo " server_name $EDITH_DOMAIN_NAME;"; + echo ''; } >> "$edith_nginx_site" function_check nginx_compress - nginx_compress $EDITH_DOMAIN_NAME - echo '' >> $edith_nginx_site - echo ' # Security' >> $edith_nginx_site + nginx_compress "$EDITH_DOMAIN_NAME" + echo '' >> "$edith_nginx_site" + echo ' # Security' >> "$edith_nginx_site" function_check nginx_ssl - nginx_ssl $EDITH_DOMAIN_NAME + nginx_ssl "$EDITH_DOMAIN_NAME" function_check nginx_disable_sniffing - nginx_disable_sniffing $EDITH_DOMAIN_NAME + nginx_disable_sniffing "$EDITH_DOMAIN_NAME" - echo ' add_header Strict-Transport-Security max-age=15768000;' >> $edith_nginx_site - echo '' >> $edith_nginx_site - echo ' access_log /dev/null;' >> 
$edith_nginx_site - echo ' error_log /dev/null;' >> $edith_nginx_site - echo '' >> $edith_nginx_site - echo " root /var/www/$EDITH_DOMAIN_NAME/htdocs;" >> $edith_nginx_site - echo '' >> $edith_nginx_site - echo ' index index.php;' >> $edith_nginx_site - echo '' >> $edith_nginx_site - echo ' # PHP' >> $edith_nginx_site - echo ' location ~ \.php {' >> $edith_nginx_site - echo ' include snippets/fastcgi-php.conf;' >> $edith_nginx_site - echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $edith_nginx_site - echo ' fastcgi_read_timeout 30;' >> $edith_nginx_site - echo ' }' >> $edith_nginx_site - echo '' >> $edith_nginx_site - echo ' # Location' >> $edith_nginx_site - echo ' location / {' >> $edith_nginx_site + { echo ' add_header Strict-Transport-Security max-age=15768000;'; + echo ''; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo " root /var/www/$EDITH_DOMAIN_NAME/htdocs;"; + echo ''; + echo ' index index.php;'; + echo ''; + echo ' # PHP'; + echo ' location ~ \.php {'; + echo ' include snippets/fastcgi-php.conf;'; + echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; + echo ' fastcgi_read_timeout 30;'; + echo ' }'; + echo ''; + echo ' # Location'; + echo ' location / {'; } >> "$edith_nginx_site" function_check nginx_limits - nginx_limits $EDITH_DOMAIN_NAME '15m' - echo ' try_files $uri $uri/ /index.php?$args;' >> $edith_nginx_site - echo " auth_basic \"${EDITH_LOGIN_TEXT}\";" >> $edith_nginx_site - echo ' auth_basic_user_file /etc/nginx/.edithpasswd;' >> $edith_nginx_site - echo ' }' >> $edith_nginx_site - echo '}' >> $edith_nginx_site + nginx_limits "$EDITH_DOMAIN_NAME" '15m' + { echo " try_files \$uri \$uri/ /index.php?\$args;"; + echo " auth_basic \"${EDITH_LOGIN_TEXT}\";"; + echo ' auth_basic_user_file /etc/nginx/.edithpasswd;'; + echo ' }'; + echo '}'; } >> "$edith_nginx_site" else - echo -n '' > $edith_nginx_site + echo -n '' > "$edith_nginx_site" fi - echo 'server {' >> $edith_nginx_site - echo " listen 
127.0.0.1:$EDITH_ONION_PORT default_server;" >> $edith_nginx_site - echo " server_name $EDITH_ONION_HOSTNAME;" >> $edith_nginx_site - echo '' >> $edith_nginx_site + { echo 'server {'; + echo " listen 127.0.0.1:$EDITH_ONION_PORT default_server;"; + echo " server_name $EDITH_ONION_HOSTNAME;"; + echo ''; } >> "$edith_nginx_site" function_check nginx_compress - nginx_compress $EDITH_DOMAIN_NAME - echo '' >> $edith_nginx_site + nginx_compress "$EDITH_DOMAIN_NAME" + echo '' >> "$edith_nginx_site" function_check nginx_disable_sniffing - nginx_disable_sniffing $EDITH_DOMAIN_NAME - echo '' >> $edith_nginx_site - echo ' access_log /dev/null;' >> $edith_nginx_site - echo ' error_log /dev/null;' >> $edith_nginx_site - echo '' >> $edith_nginx_site - echo " root /var/www/$EDITH_DOMAIN_NAME/htdocs;" >> $edith_nginx_site - echo '' >> $edith_nginx_site - echo ' index index.php;' >> $edith_nginx_site - echo '' >> $edith_nginx_site - echo ' # PHP' >> $edith_nginx_site - echo ' location ~ \.php {' >> $edith_nginx_site - echo ' include snippets/fastcgi-php.conf;' >> $edith_nginx_site - echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $edith_nginx_site - echo ' fastcgi_read_timeout 30;' >> $edith_nginx_site - echo ' }' >> $edith_nginx_site - echo '' >> $edith_nginx_site - echo ' # Location' >> $edith_nginx_site - echo ' location / {' >> $edith_nginx_site + nginx_disable_sniffing "$EDITH_DOMAIN_NAME" + { echo ''; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo " root /var/www/$EDITH_DOMAIN_NAME/htdocs;"; + echo ''; + echo ' index index.php;'; + echo ''; + echo ' # PHP'; + echo ' location ~ \.php {'; + echo ' include snippets/fastcgi-php.conf;'; + echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; + echo ' fastcgi_read_timeout 30;'; + echo ' }'; + echo ''; + echo ' # Location'; + echo ' location / {'; } >> "$edith_nginx_site" function_check nginx_limits nginx_limits $EDITH_DOMAIN_NAME '15m' - echo ' try_files $uri $uri/ /index.php?$args;' 
>> $edith_nginx_site - echo " auth_basic \"${EDITH_LOGIN_TEXT}\";" >> $edith_nginx_site - echo ' auth_basic_user_file /etc/nginx/.edithpasswd;' >> $edith_nginx_site - echo ' }' >> $edith_nginx_site - echo '}' >> $edith_nginx_site + { echo " try_files \$uri \$uri/ /index.php?\$args;"; + echo " auth_basic \"${EDITH_LOGIN_TEXT}\";"; + echo ' auth_basic_user_file /etc/nginx/.edithpasswd;'; + echo ' }'; + echo '}'; } >> "$edith_nginx_site" function_check configure_php configure_php function_check create_site_certificate - create_site_certificate $EDITH_DOMAIN_NAME 'yes' + create_site_certificate "$EDITH_DOMAIN_NAME" 'yes' # create a password for users if [ ! -f /etc/nginx/.edithpasswd ]; then 
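Review bot: In both generated server blocks the `auth_basic` and `auth_basic_user_file` lines are emitted inside `location / {` only, while `location ~ \.php {` is a separate regex location with no auth directives. nginx applies the directives of the location that finally handles the request, so as far as this config shows, a request addressed directly to a `.php` path is served without the password prompt that `edith_enable_login` is meant to switch on. Emitting the two `auth_basic…` lines at server level (before the `# PHP` comment) covers both locations and still matches the `sed 's|#auth_basic|auth_basic|g'` toggle. In the onion block `nginx_limits $EDITH_DOMAIN_NAME '15m'` was also left unquoted, unlike its twin in the clearnet block.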
@@ -417,24 +419,23 @@ function install_edith { if grep -q "$MY_USERNAME:" /etc/nginx/.edithpasswd; then sed -i "/$MY_USERNAME:/d" /etc/nginx/.edithpasswd fi - echo -n "$EDITH_PASSWORD" | htpasswd -i -s -c /etc/nginx/.edithpasswd $MY_USERNAME + echo -n "$EDITH_PASSWORD" | htpasswd -i -s -c /etc/nginx/.edithpasswd "$MY_USERNAME" if [ ! -f /etc/nginx/.edithpasswd ]; then echo $'/etc/nginx/.edithpasswd not found' exit 6537683563 fi - ${PROJECT_NAME}-pass -u $MY_USERNAME -a edith -p "$EDITH_PASSWORD" + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a edith -p "$EDITH_PASSWORD" - cp /var/www/$EDITH_DOMAIN_NAME/htdocs/htaccess.example /var/www/$EDITH_DOMAIN_NAME/htdocs/.htaccess - cd /var/www/$EDITH_DOMAIN_NAME/htdocs + cp "/var/www/$EDITH_DOMAIN_NAME/htdocs/htaccess.example" "/var/www/$EDITH_DOMAIN_NAME/htdocs/.htaccess" + cd "/var/www/$EDITH_DOMAIN_NAME/htdocs" || exit 26482468 npm install -g coffeescript uglify-js - cake build - if [ ! "$?" = "0" ]; then + if ! cake build; then echo $'Unable to build Edith' exit 7396483635 fi cp config.example.php config.php - if [[ $ONION_ONLY == "no" ]]; then + if [[ "$ONION_ONLY" == "no" ]]; then sed -i "s|define('EDITH_URI'.*|define('EDITH_URI', 'https://$EDITH_DOMAIN_NAME');|g" config.php else sed -i "s|define('EDITH_URI'.*|define('EDITH_URI', 'http://$EDITH_ONION_HOSTNAME');|g" config.php 
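Review bot: `npm install -g coffeescript uglify-js` pulls whatever versions the registry serves at install time and installs them globally, presumably as root given the writes to `/etc/nginx`, while the application itself is pinned to `$EDITH_COMMIT`. Pinning the two build tools, `npm install -g coffeescript@<pinned-version> uglify-js@<pinned-version>`, keeps the build reproducible and limits exposure to a compromised or broken release. `install_edith` begins and ends outside the hunk.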
@@ -445,20 +446,20 @@ function install_edith { remove_bad_links_edith - chown -R www-data:www-data /var/www/$EDITH_DOMAIN_NAME/htdocs - chmod a+w /var/www/$EDITH_DOMAIN_NAME/htdocs/data - nginx_ensite $EDITH_DAEMON_NAME + chown -R www-data:www-data "/var/www/$EDITH_DOMAIN_NAME/htdocs" + chmod a+w "/var/www/$EDITH_DOMAIN_NAME/htdocs/data" + nginx_ensite "$EDITH_DAEMON_NAME" systemctl restart nginx APP_INSTALLED=1 } function install_interactive_edith { - if [ ! $ONION_ONLY ]; then + if [ ! "$ONION_ONLY" ]; then ONION_ONLY='no' fi - if [[ $ONION_ONLY != "no" ]]; then + if [[ "$ONION_ONLY" != "no" ]]; then GHOST_DOMAIN_NAME='edith.local' write_config_param "EDITH_DOMAIN_NAME" "$EDITH_DOMAIN_NAME" else diff --git a/src/freedombone-app-emacs b/src/freedombone-app-emacs index 8bb7207a..1056c3e3 100755 --- a/src/freedombone-app-emacs +++ b/src/freedombone-app-emacs @@ -57,13 +57,13 @@ function backup_local_emacs { for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - if [ -d /home/$USERNAME/.emacs.d ]; then + if [ -d "/home/$USERNAME/.emacs.d" ]; then echo $"Backing up Emacs config for $USERNAME" - if [ -f /home/$USERNAME/.emacs ]; then - cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs + if [ -f "/home/$USERNAME/.emacs" ]; then + cp "/home/$USERNAME/.emacs" "/home/$USERNAME/.emacs.d/dotemacs" fi function_check backup_directory_to_usb - backup_directory_to_usb /home/$USERNAME/.emacs.d emacs/$USERNAME + backup_directory_to_usb "/home/$USERNAME/.emacs.d" "emacs/$USERNAME" fi fi done 
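Review bot: `nginx_ensite "$EDITH_DAEMON_NAME"` enables a site named after a variable that appears nowhere else in this diff; the dokuwiki installer passes its domain name to the same helper, so this is probably meant to be `nginx_ensite "$EDITH_DOMAIN_NAME"`. Now that the argument is quoted, an unset variable is passed as an empty string instead of being dropped. A few lines further down, `GHOST_DOMAIN_NAME='edith.local'` is followed by `write_config_param "EDITH_DOMAIN_NAME" "$EDITH_DOMAIN_NAME"`, which looks like a copy-paste from another app and leaves the Edith domain unchanged in onion-only mode; `EDITH_DOMAIN_NAME='edith.local'` seems intended. `install_interactive_edith` continues outside the hunk.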
@@ -71,24 +71,25 @@ function backup_local_emacs { function restore_local_emacs { temp_restore_dir=/root/tempemacs - if [ -d $USB_MOUNT/backup/emacs ]; then + if [ -d "$USB_MOUNT/backup/emacs" ]; then for d in $USB_MOUNT/backup/emacs/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - if [ ! -d /home/$USERNAME ]; then - ${PROJECT_NAME}-adduser $USERNAME + if [ ! -d "/home/$USERNAME" ]; then + "${PROJECT_NAME}-adduser" "$USERNAME" fi echo $"Restoring Emacs config for $USERNAME" function_check restore_directory_from_usb - restore_directory_from_usb $temp_restore_dir emacs/$USERNAME - if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then - cp -r $temp_restore_dir/home/$USERNAME/.emacs.d /home/$USERNAME/ + restore_directory_from_usb "$temp_restore_dir" "emacs/$USERNAME" + if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then + cp -r "$temp_restore_dir/home/$USERNAME/.emacs.d" "/home/$USERNAME/" else - if [ ! -d /home/$USERNAME/.emacs.d ]; then - mkdir /home/$USERNAME/.emacs.d + if [ ! -d "/home/$USERNAME/.emacs.d" ]; then + mkdir "/home/$USERNAME/.emacs.d" fi - cp -r $temp_restore_dir/* /home/$USERNAME/.emacs.d + cp -r "$temp_restore_dir/*" "/home/$USERNAME/.emacs.d" fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then rm -rf $temp_restore_dir function_check set_user_permissions @@ -97,10 +98,10 @@ function restore_local_emacs { backup_unmount_drive exit 664 fi - if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then - cp -f $temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs /home/$USERNAME/.emacs + if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then + cp -f "$temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs" "/home/$USERNAME/.emacs" else - cp -f $temp_restore_dir/dotemacs /home/$USERNAME/.emacs + cp -f "$temp_restore_dir/dotemacs" "/home/$USERNAME/.emacs" fi rm -rf $temp_restore_dir fi 
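Review bot: Quoting the glob in `cp -r "$temp_restore_dir/*" "/home/$USERNAME/.emacs.d"` turns `*` into a literal character, so cp looks for a file actually named `*`, fails, and the `$?` check that follows sends the restore down the `exit 664` path. Keep the variable quoted and the wildcard outside the quotes: `cp -r "$temp_restore_dir"/* "/home/$USERNAME/.emacs.d"`. The `@@ -126` hunk of `restore_remote_emacs` has the same problem on both operands (`"$temp_restore_dir/*" "/home/$USERNAME/.emacs.d/*"`), where the destination should simply be the directory. The unquoted `rm -rf $temp_restore_dir` lines work with the fixed `/root/tempemacs` value but would be safer quoted.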
@@ -112,13 +113,13 @@ function backup_remote_emacs { for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - if [ -d /home/$USERNAME/.emacs.d ]; then + if [ -d "/home/$USERNAME/.emacs.d" ]; then echo $"Backing up Emacs config for $USERNAME" - if [ -f /home/$USERNAME/.emacs ]; then - cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs + if [ -f "/home/$USERNAME/.emacs" ]; then + cp "/home/$USERNAME/.emacs" "/home/$USERNAME/.emacs.d/dotemacs" fi function_check backup_directory_to_friend - backup_directory_to_friend /home/$USERNAME/.emacs.d emacs/$USERNAME + backup_directory_to_friend "/home/$USERNAME/.emacs.d" "emacs/$USERNAME" fi fi done 
@@ -126,24 +127,25 @@ function backup_remote_emacs { function restore_remote_emacs { temp_restore_dir=/root/tempemacs - if [ -d $USB_MOUNT/backup/emacs ]; then + if [ -d "$USB_MOUNT/backup/emacs" ]; then for d in $USB_MOUNT/backup/emacs/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - if [ ! -d /home/$USERNAME ]; then - ${PROJECT_NAME}-adduser $USERNAME + if [ ! -d "/home/$USERNAME" ]; then + "${PROJECT_NAME}-adduser" "$USERNAME" fi echo $"Restoring Emacs config for $USERNAME" function_check restore_directory_from_friend - restore_directory_from_friend $temp_restore_dir emacs/$USERNAME - if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then - cp -r $temp_restore_dir/home/$USERNAME/.emacs.d /home/$USERNAME/ + restore_directory_from_friend "$temp_restore_dir" "emacs/$USERNAME" + if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then + cp -r "$temp_restore_dir/home/$USERNAME/.emacs.d" "/home/$USERNAME/" else - if [ ! -d /home/$USERNAME/.emacs.d ]; then - mkdir /home/$USERNAME/.emacs.d + if [ ! -d "/home/$USERNAME/.emacs.d" ]; then + mkdir "/home/$USERNAME/.emacs.d" fi - cp -r $temp_restore_dir/* /home/$USERNAME/.emacs.d/* + cp -r "$temp_restore_dir/*" "/home/$USERNAME/.emacs.d/*" fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then rm -rf $temp_restore_dir function_check set_user_permissions @@ -152,10 +154,10 @@ function restore_remote_emacs { backup_unmount_drive exit 664 fi - if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then - cp -f $temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs /home/$USERNAME/.emacs + if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then + cp -f "$temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs" "/home/$USERNAME/.emacs" else - cp -f $temp_restore_dir/dotemacs /home/$USERNAME/.emacs + cp -f "$temp_restore_dir/dotemacs" "/home/$USERNAME/.emacs" fi rm -rf $temp_restore_dir fi 
@@ -166,7 +168,7 @@ function restore_remote_emacs { function remove_emacs { apt-get -yq remove --purge emacs update-alternatives --set editor /usr/bin/nano - sed -i '/install_emacs/d' $COMPLETION_FILE + sed -i '/install_emacs/d' "$COMPLETION_FILE" # remove emacs as the mutt email editor if [ -f /etc/Muttrc ]; then @@ -176,9 +178,9 @@ function remove_emacs { for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - if [ -f /home/$USERNAME/.muttrc ]; then - if grep -q "set editor=" /home/$USERNAME/.muttrc; then - sed -i '/set editor=/d' /home/$USERNAME/.muttrc + if [ -f "/home/$USERNAME/.muttrc" ]; then + if grep -q "set editor=" "/home/$USERNAME/.muttrc"; then + sed -i '/set editor=/d' "/home/$USERNAME/.muttrc" fi fi fi 
@@ -194,74 +196,74 @@ function install_emacs { #echo -n "(add-to-list 'load-path " > /home/$MY_USERNAME/.emacs #echo '"~/.emacs.d/")' >> /home/$MY_USERNAME/.emacs #echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Remove trailing whitepace ======================================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)" >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo ';; Goto a line number with CTRL-l' >> /home/$MY_USERNAME/.emacs - echo -n '(global-set-key "\C-l" ' >> /home/$MY_USERNAME/.emacs - echo "'goto-line)" >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Show line numbers ==============================================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))" >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Enable line wrapping in org-mode ===============================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo " (add-hook 'org-mode-hook" >> /home/$MY_USERNAME/.emacs - echo " '(lambda ()" >> /home/$MY_USERNAME/.emacs - echo " (visual-line-mode 1)))" >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Enable shift select in org mode ================================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Set standard indent to 4 rather that 4 =========================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs - echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs - echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs - echo '' >> 
/home/$MY_USERNAME/.emacs - echo $';; ===== Support Wheel Mouse Scrolling ==================================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Place Backup Files in Specific Directory =======================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs - echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs - echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Make Text mode the default mode for new buffers ================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Line length ====================================================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Enable Line and Column Numbering ===============================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo '(line-number-mode 1)' >> /home/$MY_USERNAME/.emacs - echo '(column-number-mode 1)' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Turn on Auto Fill mode automatically in all modes ==============' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of' >> /home/$MY_USERNAME/.emacs - echo ';; newlines when the cursor goes over the column limit.' 
>> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo ';; This should actually turn on auto-fill-mode by default in all major' >> /home/$MY_USERNAME/.emacs - echo ';; modes. The other way to do this is to turn on the fill for specific modes' >> /home/$MY_USERNAME/.emacs - echo ';; via hooks.' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo '(setq auto-fill-mode 1)' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo $';; ===== Enable GPG encryption =========================================' >> /home/$MY_USERNAME/.emacs - echo '' >> /home/$MY_USERNAME/.emacs - echo "(require 'epa)" >> /home/$MY_USERNAME/.emacs - echo '(epa-file-enable)' >> /home/$MY_USERNAME/.emacs - cp /home/$MY_USERNAME/.emacs /root/.emacs - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs + { echo $';; ===== Remove trailing whitepace ======================================'; + echo ''; + echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)"; + echo ''; + echo ';; Goto a line number with CTRL-l'; + echo -n '(global-set-key "\C-l" '; + echo "'goto-line)"; + echo ''; + echo $';; ===== Show line numbers =============================================='; + echo ''; + echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))"; + echo ''; + echo $';; ===== Enable line wrapping in org-mode ==============================='; + echo ''; + echo " (add-hook 'org-mode-hook"; + echo " '(lambda ()"; + echo " (visual-line-mode 1)))"; + echo ''; + echo $';; ===== Enable shift select in org mode ================================'; + echo ''; + echo '(setq org-support-shift-select t)'; + echo ''; + echo $';; ===== Set standard indent to 4 rather that 4 ========================='; + echo ''; + echo '(setq standard-indent 4)'; + echo '(setq-default tab-width 4)'; + echo '(setq c-basic-offset 4)'; + echo ''; + echo $';; ===== Support Wheel Mouse Scrolling =================================='; + echo ''; + echo '(mouse-wheel-mode 
t)'; + echo ''; + echo $';; ===== Place Backup Files in Specific Directory ======================='; + echo ''; + echo '(setq make-backup-files t)'; + echo '(setq version-control t)'; + echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))'; + echo ''; + echo $';; ===== Make Text mode the default mode for new buffers ================'; + echo ''; + echo "(setq default-major-mode 'text-mode)"; + echo ''; + echo $';; ===== Line length ===================================================='; + echo ''; + echo '(setq-default fill-column 72)'; + echo ''; + echo $';; ===== Enable Line and Column Numbering ==============================='; + echo ''; + echo '(line-number-mode 1)'; + echo '(column-number-mode 1)'; + echo ''; + echo $';; ===== Turn on Auto Fill mode automatically in all modes =============='; + echo ''; + echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of'; + echo ';; newlines when the cursor goes over the column limit.'; + echo ''; + echo ';; This should actually turn on auto-fill-mode by default in all major'; + echo ';; modes. The other way to do this is to turn on the fill for specific modes'; + echo ';; via hooks.'; + echo ''; + echo '(setq auto-fill-mode 1)'; + echo ''; + echo $';; ===== Enable GPG encryption ========================================='; + echo ''; + echo "(require 'epa)"; + echo '(epa-file-enable)'; } >> "/home/$MY_USERNAME/.emacs" + cp "/home/$MY_USERNAME/.emacs" /root/.emacs + chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.emacs" # add a mutt entry to use emacs to compose emails if [ -f /etc/Muttrc ]; then 
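Review bot: The grouped block still appends (`>>`) to `/home/$MY_USERNAME/.emacs`, and the result is then copied to `/root/.emacs`, so anything already in the user's file ends up in root's Emacs init file and is evaluated the next time root starts Emacs. If root's copy is only meant to hold the settings generated here, write the block to a root-owned file first and copy that to the user's home, or truncate with `>` when that is the intent; whether the file can pre-exist is not visible because `install_emacs` starts above the hunk. As a smaller point, the long run of `echo …;` lines inside `{ }` would read more easily as one `cat <<'EOF'` here-document, which also removes the `echo -n '(global-set-key "\C-l" '` / `echo "'goto-line)"` split.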
@@ -273,92 +275,92 @@ function install_emacs { for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - if [ -f /home/$USERNAME/.muttrc ]; then - if ! grep -q "set editor=" /home/$USERNAME/.muttrc; then - echo 'set editor="emacs -q --load ~/.emacs-mutt"' >> /home/$USERNAME/.muttrc + if [ -f "/home/$USERNAME/.muttrc" ]; then + if ! grep -q "set editor=" "/home/$USERNAME/.muttrc"; then + echo 'set editor="emacs -q --load ~/.emacs-mutt"' >> "/home/$USERNAME/.muttrc" else - sed -i 's|set editor=.*|set editor="emacs -q --load ~/.emacs-mutt"|g' /home/$USERNAME/.muttrc + sed -i 's|set editor=.*|set editor="emacs -q --load ~/.emacs-mutt"|g' "/home/$USERNAME/.muttrc" fi fi # create an Emacs configuration specifically for use with Mutt, which # has word wrap and spell checking on by default - if [ ! -f /home/$USERNAME/.emacs-mutt ]; then - echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)" > /home/$USERNAME/.emacs-mutt - echo '(setq org-support-shift-select t)' >> /home/$USERNAME/.emacs-mutt - echo '(setq standard-indent 4)' >> /home/$USERNAME/.emacs-mutt - echo '(setq-default tab-width 4)' >> /home/$USERNAME/.emacs-mutt - echo '(setq c-basic-offset 4)' >> /home/$USERNAME/.emacs-mutt - echo '(mouse-wheel-mode t)' >> /home/$USERNAME/.emacs-mutt - echo '(setq make-backup-files t)' >> /home/$USERNAME/.emacs-mutt - echo '(setq version-control t)' >> /home/$USERNAME/.emacs-mutt - echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$USERNAME/.emacs-mutt - echo "(setq default-major-mode 'text-mode)" >> /home/$USERNAME/.emacs-mutt - echo "(dolist (hook '(text-mode-hook))" >> /home/$USERNAME/.emacs-mutt - echo ' (add-hook hook (lambda () (flyspell-mode 1))))' >> /home/$USERNAME/.emacs-mutt - echo '(setq-default fill-column 72)' >> /home/$USERNAME/.emacs-mutt + if [ ! 
-f "/home/$USERNAME/.emacs-mutt" ]; then + { echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)"; + echo '(setq org-support-shift-select t)'; + echo '(setq standard-indent 4)'; + echo '(setq-default tab-width 4)'; + echo '(setq c-basic-offset 4)'; + echo '(mouse-wheel-mode t)'; + echo '(setq make-backup-files t)'; + echo '(setq version-control t)'; + echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))'; + echo "(setq default-major-mode 'text-mode)"; + echo "(dolist (hook '(text-mode-hook))"; + echo ' (add-hook hook (lambda () (flyspell-mode 1))))'; + echo '(setq-default fill-column 72)'; } > "/home/$USERNAME/.emacs-mutt" if [[ $DEFAULT_LANGUAGE == 'en_US'* ]]; then - echo '(setq ispell-dictionary "american")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "american")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'en_GB'* ]]; then - echo '(setq ispell-dictionary "british")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "british")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'fr_FR'* ]]; then - echo '(setq ispell-dictionary "french")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "french")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'it_IT'* ]]; then - echo '(setq ispell-dictionary "italian")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "italian")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'cs_CZ'* ]]; then - echo '(setq ispell-dictionary "czech")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "czech")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'da_DK'* ]]; then - echo '(setq ispell-dictionary "danish")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "danish")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'nl_NL'* ]]; then - echo '(setq ispell-dictionary "dutch")' >> /home/$USERNAME/.emacs-mutt + echo '(setq 
ispell-dictionary "dutch")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'ru_RU'* ]]; then - echo '(setq ispell-dictionary "russian")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "russian")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'es_ES'* ]]; then - echo '(setq ispell-dictionary "spanish")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "spanish")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'sv_SE'* ]]; then - echo '(setq ispell-dictionary "swedish")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "swedish")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'no_NO'* ]]; then - echo '(setq ispell-dictionary "norwegian")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "norwegian")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'de_DE'* ]]; then - echo '(setq ispell-dictionary "ngerman")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "ngerman")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'bg_BG'* ]]; then - echo '(setq ispell-dictionary "bulgarian")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "bulgarian")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'pl'* ]]; then - echo '(setq ispell-dictionary "polish")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "polish")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'et_EE'* ]]; then - echo '(setq ispell-dictionary "estonian")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "estonian")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'lt_LT'* ]]; then - echo '(setq ispell-dictionary "lithuanian")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "lithuanian")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'uk_UA'* ]]; then - echo '(setq ispell-dictionary "ukranian")' >> /home/$USERNAME/.emacs-mutt + 
echo '(setq ispell-dictionary "ukranian")' >> "/home/$USERNAME/.emacs-mutt" fi if [[ $DEFAULT_LANGUAGE == 'ca_ES'* ]]; then - echo '(setq ispell-dictionary "catalan")' >> /home/$USERNAME/.emacs-mutt + echo '(setq ispell-dictionary "catalan")' >> "/home/$USERNAME/.emacs-mutt" fi - echo '(setq auto-fill-mode 0)' >> /home/$USERNAME/.emacs-mutt - echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)" >> /home/$USERNAME/.emacs-mutt - echo "(setq-default auto-fill-function 'do-auto-fill)" >> /home/$USERNAME/.emacs-mutt - chown $USERNAME:$USERNAME /home/$USERNAME/.emacs-mutt + { echo '(setq auto-fill-mode 0)'; + echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)"; + echo "(setq-default auto-fill-function 'do-auto-fill)"; } >> "/home/$USERNAME/.emacs-mutt" + chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.emacs-mutt" # add the emacs mutt configuration to the user profile skeleton if [ ! -f /etc/skel/.emacs-mutt ]; then - cp /home/$USERNAME/.emacs-mutt /etc/skel/.emacs-mutt + cp "/home/$USERNAME/.emacs-mutt" /etc/skel/.emacs-mutt chown root:root /etc/skel/.emacs-mutt fi fi diff --git a/src/freedombone-app-etherpad b/src/freedombone-app-etherpad index 3082e6fd..330de307 100755 --- a/src/freedombone-app-etherpad +++ b/src/freedombone-app-etherpad @@ -41,7 +41,7 @@ ETHERPAD_REPO="https://github.com/ether/etherpad-lite" ETHERPAD_COMMIT='454f539561a8d9de51ed107a29d974eb79198bc6' ETHERPAD_ADMIN_PASSWORD= ETHERPAD_TITLE=$'Freedombone Docs' -ETHERPAD_WELCOME_MESSAGE=$"Welcome to ${ETHERPAD_TITLE}!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!" +ETHERPAD_WELCOME_MESSAGE=$"Welcome to ${ETHERPAD_TITLE}!\\n\\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!" etherpad_variables=(ONION_ONLY DEFAULT_DOMAIN_NAME 
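Review bot: The block that builds `/home/$USERNAME/.emacs-mutt` appears to run as root (it also writes `/etc/skel`), yet it works inside a directory the account owner controls, and both the `{ ...; } > "/home/$USERNAME/.emacs-mutt"` redirect and the following `chown` follow symbolic links. `-f` is false for a dangling link, so the `[ ! -f ... ]` guard does not stop a link left at that path from being written through and its target handed to the user. I would skip the path when `[ -L "/home/$USERNAME/.emacs-mutt" ]` is true and use `chown -h "$USERNAME":"$USERNAME" "/home/$USERNAME/.emacs-mutt"`, or create the file as the user rather than as root. The `.muttrc` edits at the top of the loop have the same exposure; the loop closes outside this hunk.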
@@ -67,109 +67,109 @@ function change_password_etherpad { read_config_param ETHERPAD_DOMAIN_NAME if grep -q "\"$change_username\": {" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json; then - user_line=$(cat /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json | grep "\"$change_username\": {") + user_line=$(grep "\"$change_username\": {" "/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json") if [[ "$user_line" == *"\"is_admin\": true"* ]]; then - sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": "$new_user_password", \"is_admin\": true }|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json + sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": \"$new_user_password\", \"is_admin\": true }|g" "/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json" else - sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": "$new_user_password", \"is_admin\": false },|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json + sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": \"$new_user_password\", \"is_admin\": false },|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json fi - ${PROJECT_NAME}-pass -u $change_username -a etherpad -p "$2" + "${PROJECT_NAME}-pass" -u "$change_username" -a etherpad -p "$2" systemctl restart etherpad fi } function etherpad_create_database { - if [ -f $IMAGE_PASSWORD_FILE ]; then - ETHERPAD_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + if [ -f "$IMAGE_PASSWORD_FILE" ]; then + ETHERPAD_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")" else - if [ ! $ETHERPAD_ADMIN_PASSWORD ]; then - ETHERPAD_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + if [ ! "$ETHERPAD_ADMIN_PASSWORD" ]; then + ETHERPAD_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")" fi fi - if [ ! $ETHERPAD_ADMIN_PASSWORD ]; then + if [ ! 
"$ETHERPAD_ADMIN_PASSWORD" ]; then return fi function_check create_database - create_database etherpad "$ETHERPAD_ADMIN_PASSWORD" $MY_USERNAME + create_database etherpad "$ETHERPAD_ADMIN_PASSWORD" "$MY_USERNAME" } function create_etherpad_settings { - settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json - echo '{' > $settings_file - echo " \"title\": \"${ETHERPAD_TITLE}\"," >> $settings_file - echo ' "favicon": "favicon.ico",' >> $settings_file + settings_file="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json" + { echo '{'; + echo " \"title\": \"${ETHERPAD_TITLE}\","; + echo ' "favicon": "favicon.ico",'; - echo ' "ip": "127.0.0.1",' >> $settings_file - echo " \"port\" : ${ETHERPAD_PORT}," >> $settings_file + echo ' "ip": "127.0.0.1",'; + echo " \"port\" : ${ETHERPAD_PORT},"; - echo ' "showSettingsInAdminPage" : true,' >> $settings_file - echo ' "dbType" : "mysql",' >> $settings_file - echo ' "dbSettings" : {' >> $settings_file - echo ' "user" : "root",' >> $settings_file - echo ' "host" : "localhost",' >> $settings_file - echo " \"password\": \"${MARIADB_PASSWORD}\"," >> $settings_file - echo ' "database": "etherpad",' >> $settings_file - echo ' "charset" : "utf8mb4"' >> $settings_file - echo ' },' >> $settings_file + echo ' "showSettingsInAdminPage" : true,'; + echo ' "dbType" : "mysql",'; + echo ' "dbSettings" : {'; + echo ' "user" : "root",'; + echo ' "host" : "localhost",'; + echo " \"password\": \"${MARIADB_PASSWORD}\","; + echo ' "database": "etherpad",'; + echo ' "charset" : "utf8mb4"'; + echo ' },'; - echo " \"defaultPadText\" : \"${ETHERPAD_WELCOME_MESSAGE}\"," >> $settings_file + echo " \"defaultPadText\" : \"${ETHERPAD_WELCOME_MESSAGE}\","; - echo ' "padOptions": {' >> $settings_file - echo ' "noColors": false,' >> $settings_file - echo ' "showControls": true,' >> $settings_file - echo ' "showChat": true,' >> $settings_file - echo ' "showLineNumbers": false,' >> $settings_file - echo ' "useMonospaceFont": false,' >> $settings_file - 
echo ' "userName": false,' >> $settings_file - echo ' "userColor": true,' >> $settings_file - echo ' "rtl": false,' >> $settings_file - echo ' "alwaysShowChat": true,' >> $settings_file - echo ' "chatAndUsers": true,' >> $settings_file - echo ' "lang": "en-gb"' >> $settings_file - echo ' },' >> $settings_file + echo ' "padOptions": {'; + echo ' "noColors": false,'; + echo ' "showControls": true,'; + echo ' "showChat": true,'; + echo ' "showLineNumbers": false,'; + echo ' "useMonospaceFont": false,'; + echo ' "userName": false,'; + echo ' "userColor": true,'; + echo ' "rtl": false,'; + echo ' "alwaysShowChat": true,'; + echo ' "chatAndUsers": true,'; + echo ' "lang": "en-gb"'; + echo ' },'; - echo ' "suppressErrorsInPadText" : true,' >> $settings_file - echo ' "requireSession" : false,' >> $settings_file - echo ' "editOnly" : false,' >> $settings_file - echo ' "sessionNoPassword" : false,' >> $settings_file - echo ' "minify" : true,' >> $settings_file - echo ' "maxAge" : 21600, // 60 * 60 * 6 = 6 hours' >> $settings_file - echo ' "abiword" : null,' >> $settings_file - echo ' "soffice" : null,' >> $settings_file - echo ' "tidyHtml" : null,' >> $settings_file - echo ' "allowUnknownFileEnds" : false,' >> $settings_file - echo ' "requireAuthentication" : true,' >> $settings_file - echo ' "requireAuthorization" : true,' >> $settings_file - echo ' "trustProxy" : false,' >> $settings_file - echo ' "disableIPlogging" : true,' >> $settings_file + echo ' "suppressErrorsInPadText" : true,'; + echo ' "requireSession" : false,'; + echo ' "editOnly" : false,'; + echo ' "sessionNoPassword" : false,'; + echo ' "minify" : true,'; + echo ' "maxAge" : 21600, // 60 * 60 * 6 = 6 hours'; + echo ' "abiword" : null,'; + echo ' "soffice" : null,'; + echo ' "tidyHtml" : null,'; + echo ' "allowUnknownFileEnds" : false,'; + echo ' "requireAuthentication" : true,'; + echo ' "requireAuthorization" : true,'; + echo ' "trustProxy" : false,'; + echo ' "disableIPlogging" : true,'; - echo ' "users": 
{' >> $settings_file - echo " \"${MY_USERNAME}\": { \"password\": \"${ETHERPAD_ADMIN_PASSWORD}\", \"is_admin\": true }" >> $settings_file - echo ' },' >> $settings_file + echo ' "users": {'; + echo " \"${MY_USERNAME}\": { \"password\": \"${ETHERPAD_ADMIN_PASSWORD}\", \"is_admin\": true }"; + echo ' },'; - echo ' "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],' >> $settings_file - echo ' "loadTest": false,' >> $settings_file - echo ' "indentationOnNewLine": false,' >> $settings_file + echo ' "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],'; + echo ' "loadTest": false,'; + echo ' "indentationOnNewLine": false,'; - echo ' "toolbar": {' >> $settings_file - echo ' "left": [' >> $settings_file - echo ' ["bold", "italic", "underline", "strikethrough"],' >> $settings_file - echo ' ["orderedlist", "unorderedlist", "indent", "outdent"],' >> $settings_file - echo ' ["undo", "redo"],' >> $settings_file - echo ' ["clearauthorship"]' >> $settings_file - echo ' ],' >> $settings_file - echo ' "right": [' >> $settings_file - echo ' ["importexport", "timeslider", "savedrevision"],' >> $settings_file - echo ' ["settings", "embed"],' >> $settings_file - echo ' ["showusers"]' >> $settings_file - echo ' ],' >> $settings_file - echo ' "timeslider": [' >> $settings_file - echo ' ["timeslider_export", "timeslider_returnToPad"]' >> $settings_file - echo ' ]' >> $settings_file - echo ' },' >> $settings_file - echo ' "loglevel": "INFO"' >> $settings_file - echo '}' >> $settings_file + echo ' "toolbar": {'; + echo ' "left": ['; + echo ' ["bold", "italic", "underline", "strikethrough"],'; + echo ' ["orderedlist", "unorderedlist", "indent", "outdent"],'; + echo ' ["undo", "redo"],'; + echo ' ["clearauthorship"]'; + echo ' ],'; + echo ' "right": ['; + echo ' ["importexport", "timeslider", "savedrevision"],'; + echo ' ["settings", "embed"],'; + echo ' ["showusers"]'; + echo ' ],'; + echo ' "timeslider": ['; + echo ' ["timeslider_export", 
"timeslider_returnToPad"]'; + echo ' ]'; + echo ' },'; + echo ' "loglevel": "INFO"'; + echo '}'; } > $settings_file chmod 600 $settings_file } @@ -177,7 +177,7 @@ function remove_user_etherpad { remove_username="$1" settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json - ${PROJECT_NAME}-pass -u $remove_username --rmapp etherpad + "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp etherpad if grep -q "\"$remove_username\": {" $settings_file; then sed -i "/\"$remove_username\": {/d" $settings_file @@ -191,7 +191,7 @@ function add_user_etherpad { settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json if ! grep -q "\"$new_username\": {" $settings_file; then - ${PROJECT_NAME}-pass -u $new_username -a etherpad -p "$2" + "${PROJECT_NAME}-pass" -u "$new_username" -a etherpad -p "$2" sed -i "/\"users\": {/a \"$new_username\": { \"password\": \"$new_user_password\", \"is_admin\": false }," $settings_file if grep -q "\"$new_username\": {" $settings_file; then systemctl restart etherpad @@ -204,11 +204,11 @@ function add_user_etherpad { } function install_interactive_etherpad { - if [ ! $ONION_ONLY ]; then + if [ ! "$ONION_ONLY" ]; then ONION_ONLY='no' fi - if [[ $ONION_ONLY != "no" ]]; then + if [[ "$ONION_ONLY" != "no" ]]; then ETHERPAD_DOMAIN_NAME='etherpad.local' write_config_param "ETHERPAD_DOMAIN_NAME" "$ETHERPAD_DOMAIN_NAME" else 
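Review bot: In change_password_etherpad the new password is spliced straight into the sed replacement (`... { \"password\": \"$new_user_password\", ...|g`), so a password containing `|`, `&`, `\` or `"` either breaks the sed command or leaves invalid JSON in settings.json. The commit repairs the shell quoting around the variable but not this, and the same interpolation appears in the add_user_etherpad, etherpad_set_title, etherpad_set_welcome_message and restore hunks below; the value needs escaping for both sed and JSON before the edit, or those characters need rejecting when the password is set. Separately, create_etherpad_settings writes the MariaDB and admin passwords with `} > $settings_file` and only then runs `chmod 600`, so the file briefly exists with umask-default permissions. Running `install -m 600 /dev/null "$settings_file"` before the `{ ... }` block closes that window, and `$settings_file` should be quoted on both lines, as should the path in the `is_admin: false` sed.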
@@ -220,18 +220,17 @@ function install_interactive_etherpad { function etherpad_set_title { read_config_param "ETHERPAD_TITLE" - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --title $"Etherpad Title" \ --backtitle $"Freedombone Control Panel" \ - --inputbox $'Set a title for your etherpad system' 10 60 "$ETHERPAD_TITLE" 2>$data + --inputbox $'Set a title for your etherpad system' 10 60 "$ETHERPAD_TITLE" 2>"$data" sel=$? case $sel in 0) - temp_title=$(<$data) + temp_title=$(<"$data") if [ ${#temp_title} -gt 0 ]; then ETHERPAD_TITLE="$temp_title" - settings_file=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/settings.json + settings_file="/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/settings.json" write_config_param "ETHERPAD_TITLE" "$ETHERPAD_TITLE" sed -i "s|\"title\":.*|\"title\": \"${ETHERPAD_TITLE}\"|g" $settings_file @@ -241,22 +240,22 @@ function etherpad_set_title { fi ;; esac + rm -f "$data" } function etherpad_set_welcome_message { read_config_param "ETHERPAD_WELCOME_MESSAGE" - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --title $"Etherpad Welcome Message" \ --backtitle $"Freedombone Control Panel" \ - --inputbox $'Set a welcome message, which can include html formatting' 10 60 "$ETHERPAD_WELCOME_MESSAGE" 2>$data + --inputbox $'Set a welcome message, which can include html formatting' 10 60 "$ETHERPAD_WELCOME_MESSAGE" 2>"$data" sel=$? case $sel in 0) - temp_welcome=$(<$data) + temp_welcome=$(<"$data") if [ ${#temp_welcome} -gt 0 ]; then ETHERPAD_WELCOME_MESSAGE="$temp_welcome" - settings_file=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/settings.json + settings_file="/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/settings.json" write_config_param "ETHERPAD_WELCOME_MESSAGE" "$ETHERPAD_WELCOME_MESSAGE" sed -i "s|\"defaultPadText\" :.*|\"defaultPadText\" : \"${ETHERPAD_WELCOME_MESSAGE}\"|g" $settings_file 
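Review bot: The `sed -i "s|\"title\":.*|\"title\": \"${ETHERPAD_TITLE}\"|g" $settings_file` line kept as context here replaces the whole `"title"` line without the trailing comma that create_etherpad_settings writes (`"title": "...",`), so after a title change the next key follows with no separator. Unless Etherpad's settings parser tolerates that (not visible here), the file no longer parses; the replacement should end in `\",|g` and `$settings_file` should be quoted like the assignment above it. The `defaultPadText` sed in the next hunk drops its comma the same way. The function continues past the end of this hunk.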
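Review bot: With the `trap` gone, the temp file from `data=$(mktemp 2>/dev/null)` is removed only by the `rm -f "$data"` after `esac`, and a failed mktemp goes unnoticed because its error is discarded and `data` is left empty for the `2>"$data"` redirect. I would write `data=$(mktemp) || return 1` so the dialog is never run without a file to write to. Any early `return` inside the `case` arms, whose bodies are partly outside the hunk, would also need its own `rm -f "$data"`. The same applies to etherpad_set_title in the previous hunk and to the loop in configure_interactive_etherpad in the next one.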
@@ -266,29 +265,33 @@ function etherpad_set_welcome_message { fi ;; esac + rm -f "$data" } function configure_interactive_etherpad { while true do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --backtitle $"Freedombone Control Panel" \ --title $"Etherpad Settings" \ --radiolist $"Choose an operation:" 12 70 3 \ 1 $"Set Title" off \ 2 $"Set a welcome message" off \ - 3 $"Exit" on 2> $data + 3 $"Exit" on 2> "$data" sel=$? case $sel in - 1) return;; - 255) return;; + 1) rm -f "$data" + return;; + 255) rm -f "$data" + return;; esac - case $(cat $data) in + case $(cat "$data") in 1) etherpad_set_title;; 2) etherpad_set_welcome_message;; - 3) break;; + 3) rm -f "$data" + break;; esac + rm -f "$data" done } @@ -311,18 +314,18 @@ function upgrade_etherpad { function backup_local_etherpad { ETHERPAD_DOMAIN_NAME='etherpad' - if grep -q "etherpad domain" $COMPLETION_FILE; then + if grep -q "etherpad domain" "$COMPLETION_FILE"; then ETHERPAD_DOMAIN_NAME=$(get_completion_param "etherpad domain") fi source_directory=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs - if [ -d $source_directory ]; then + if [ -d "$source_directory" ]; then dest_directory=etherpad function_check suspend_site - suspend_site ${ETHERPAD_DOMAIN_NAME} + suspend_site "${ETHERPAD_DOMAIN_NAME}" function_check backup_directory_to_usb - backup_directory_to_usb $source_directory $dest_directory + backup_directory_to_usb "$source_directory" "$dest_directory" function_check backup_database_to_usb backup_database_to_usb etherpad 
@@ -333,50 +336,50 @@ function backup_local_etherpad { } function restore_local_etherpad { - if ! grep -q "etherpad domain" $COMPLETION_FILE; then + if ! grep -q "etherpad domain" "$COMPLETION_FILE"; then return fi ETHERPAD_DOMAIN_NAME=$(get_completion_param "etherpad domain") - if [ $ETHERPAD_DOMAIN_NAME ]; then + if [ "$ETHERPAD_DOMAIN_NAME" ]; then temp_restore_dir=/root/tempetherpad - etherpad_dir=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs + #etherpad_dir="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs" function_check etherpad_create_database etherpad_create_database - restore_database etherpad ${ETHERPAD_DOMAIN_NAME} + restore_database etherpad "${ETHERPAD_DOMAIN_NAME}" if [ -d $temp_restore_dir ]; then rm -rf $temp_restore_dir fi - chown -R etherpad: /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs - if [ -f /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem ]; then - chown etherpad: /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem + chown -R etherpad: "/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs" + if [ -f "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem" ]; then + chown etherpad: "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem" fi - if [ -f /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key ]; then - chown etherpad: /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key + if [ -f "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key" ]; then + chown etherpad: "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key" fi - MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) - settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json - sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" $settings_file + MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb) + settings_file="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json" + sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" "$settings_file" MARIADB_PASSWORD= fi } function backup_remote_etherpad { - if grep -q "etherpad domain" $COMPLETION_FILE; then + if grep -q "etherpad domain" "$COMPLETION_FILE"; then 
ETHERPAD_DOMAIN_NAME=$(get_completion_param "etherpad domain") - temp_backup_dir=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs - if [ -d $temp_backup_dir ]; then + temp_backup_dir="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs" + if [ -d "$temp_backup_dir" ]; then function_check suspend_site - suspend_site ${ETHERPAD_DOMAIN_NAME} + suspend_site "${ETHERPAD_DOMAIN_NAME}" function_check backup_database_to_friend backup_database_to_friend etherpad function_check backup_directory_to_friend - backup_directory_to_friend $temp_backup_dir etherpad + backup_directory_to_friend "$temp_backup_dir" etherpad function_check restart_site restart_site 
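Review bot: The restore step `sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" "$settings_file"` matches every line containing `"password":`, not only the one under `dbSettings`. In the file produced by create_etherpad_settings the `users` entries (`"name": { "password": "...", "is_admin": true }`) match too, so they would be rewritten with the MariaDB root password and lose their closing brace. Limiting the substitution to the dbSettings block, e.g. `sed -i "/\"dbSettings\"/,/}/ s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|" "$settings_file"`, keeps the user entries intact. restore_remote_etherpad in the next hunk has the same line.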
@@ -387,29 +390,29 @@ function backup_remote_etherpad { } function restore_remote_etherpad { - if grep -q "etherpad domain" $COMPLETION_FILE; then + if grep -q "etherpad domain" "$COMPLETION_FILE"; then ETHERPAD_DOMAIN_NAME=$(get_completion_param "etherpad domain") function_check etherpad_create_database etherpad_create_database function_check restore_database_from_friend - restore_database_from_friend etherpad ${ETHERPAD_DOMAIN_NAME} + restore_database_from_friend etherpad "${ETHERPAD_DOMAIN_NAME}" if [ -d /root/tempetherpad ]; then rm -rf /root/tempetherpad fi - chown -R etherpad: /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs - if [ -f /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem ]; then - chown etherpad: /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem + chown -R etherpad: "/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs" + if [ -f "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem" ]; then + chown etherpad: "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem" fi - if [ -f /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key ]; then - chown etherpad: /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key + if [ -f "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key" ]; then + chown etherpad: "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key" fi - MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) - settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json - sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" $settings_file + MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb) + settings_file="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json" + sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" "$settings_file" MARIADB_PASSWORD= fi } 
@@ -427,13 +430,13 @@ function remove_etherpad { rm /etc/systemd/system/etherpad.service fi systemctl daemon-reload - nginx_dissite $ETHERPAD_DOMAIN_NAME - remove_certs $ETHERPAD_DOMAIN_NAME - if [ -d /var/www/$ETHERPAD_DOMAIN_NAME ]; then - rm -rf /var/www/$ETHERPAD_DOMAIN_NAME + nginx_dissite "$ETHERPAD_DOMAIN_NAME" + remove_certs "$ETHERPAD_DOMAIN_NAME" + if [ -d "/var/www/$ETHERPAD_DOMAIN_NAME" ]; then + rm -rf "/var/www/$ETHERPAD_DOMAIN_NAME" fi - if [ -f /etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME ]; then - rm /etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME + if [ -f "/etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME" ]; then + rm "/etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME" fi function_check drop_database drop_database etherpad @@ -441,7 +444,7 @@ function remove_etherpad { remove_onion_service etherpad ${ETHERPAD_ONION_PORT} remove_app etherpad remove_completion_param install_etherpad - sed -i '/etherpad/d' $COMPLETION_FILE + sed -i '/etherpad/d' "$COMPLETION_FILE" remove_backup_database_local etherpad remove_nodejs etherpad @@ -449,22 +452,22 @@ function remove_etherpad { userdel -r etherpad function_check remove_ddns_domain - remove_ddns_domain $ETHERPAD_DOMAIN_NAME + remove_ddns_domain "$ETHERPAD_DOMAIN_NAME" } function install_etherpad { - if [ ! $ETHERPAD_DOMAIN_NAME ]; then + if [ ! "$ETHERPAD_DOMAIN_NAME" ]; then echo $'No domain name was given for etherpad' exit 7359 fi check_ram_availability 2000 - if [ -f $IMAGE_PASSWORD_FILE ]; then - ETHERPAD_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + if [ -f "$IMAGE_PASSWORD_FILE" ]; then + ETHERPAD_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")" else - if [ ! $ETHERPAD_ADMIN_PASSWORD ]; then - ETHERPAD_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + if [ ! "$ETHERPAD_ADMIN_PASSWORD" ]; then + ETHERPAD_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")" fi fi 
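Review bot: `rm -rf "/var/www/$ETHERPAD_DOMAIN_NAME"` is guarded only by a `-d` test, which also succeeds for `/var/www/` when the variable is empty, and nothing in this hunk shows the variable being checked (the function starts above the hunk, so it may be read there). Writing `rm -rf "/var/www/${ETHERPAD_DOMAIN_NAME:?}"` makes the shell abort instead of removing every site. The `remove_onion_service etherpad ${ETHERPAD_ONION_PORT}` call in the next hunk is still unquoted.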
@@ -484,133 +487,133 @@ function install_etherpad { function_check install_nodejs install_nodejs etherpad - if [ ! -d /var/www/$ETHERPAD_DOMAIN_NAME ]; then - mkdir /var/www/$ETHERPAD_DOMAIN_NAME + if [ ! -d "/var/www/$ETHERPAD_DOMAIN_NAME" ]; then + mkdir "/var/www/$ETHERPAD_DOMAIN_NAME" fi - if [ ! -d /var/www/$ETHERPAD_DOMAIN_NAME/htdocs ]; then + if [ ! -d "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" ]; then if [ -d /repos/etherpad ]; then - mkdir /var/www/$ETHERPAD_DOMAIN_NAME/htdocs - cp -r -p /repos/etherpad/. /var/www/$ETHERPAD_DOMAIN_NAME/htdocs - cd /var/www/$ETHERPAD_DOMAIN_NAME/htdocs + mkdir "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" + cp -r -p /repos/etherpad/. "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" + cd "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" || exit 32468346 git pull else function_check git_clone - git_clone $ETHERPAD_REPO /var/www/$ETHERPAD_DOMAIN_NAME/htdocs + git_clone "$ETHERPAD_REPO" "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" fi - if [ ! -d /var/www/$ETHERPAD_DOMAIN_NAME/htdocs ]; then + if [ ! 
-d "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" ]; then echo $'Unable to clone etherpad repo' exit 56382 fi fi - cd /var/www/$ETHERPAD_DOMAIN_NAME/htdocs - git checkout $ETHERPAD_COMMIT -b $ETHERPAD_COMMIT + cd "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" || exit 24654824 + git checkout "$ETHERPAD_COMMIT" -b "$ETHERPAD_COMMIT" set_completion_param "etherpad commit" "$ETHERPAD_COMMIT" - chmod a+w /var/www/$ETHERPAD_DOMAIN_NAME/htdocs - chown www-data:www-data /var/www/$ETHERPAD_DOMAIN_NAME/htdocs + chmod a+w "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" + chown www-data:www-data "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" function_check etherpad_create_database etherpad_create_database function_check add_ddns_domain - add_ddns_domain $ETHERPAD_DOMAIN_NAME + add_ddns_domain "$ETHERPAD_DOMAIN_NAME" create_etherpad_settings - adduser --system --home=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/ --group etherpad - chown -R etherpad: /var/www/$ETHERPAD_DOMAIN_NAME/htdocs/ + adduser --system --home="/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/" --group etherpad + chown -R etherpad: "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/" - echo '[Unit]' > /etc/systemd/system/etherpad.service - echo 'Description=etherpad-lite (real-time collaborative document editing)' >> /etc/systemd/system/etherpad.service - echo 'After=syslog.target network.target' >> /etc/systemd/system/etherpad.service - echo '' >> /etc/systemd/system/etherpad.service - echo '[Service]' >> /etc/systemd/system/etherpad.service - echo 'Type=simple' >> /etc/systemd/system/etherpad.service - echo 'User=etherpad' >> /etc/systemd/system/etherpad.service - echo 'Group=etherpad' >> /etc/systemd/system/etherpad.service - echo "WorkingDirectory=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" >> /etc/systemd/system/etherpad.service - echo "ExecStart=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/bin/run.sh" >> /etc/systemd/system/etherpad.service - echo 'Restart=on-failure' >> /etc/systemd/system/etherpad.service - echo 'SuccessExitStatus=3 4' >> 
/etc/systemd/system/etherpad.service - echo 'RestartForceExitStatus=3 4' >> /etc/systemd/system/etherpad.service - echo '' >> /etc/systemd/system/etherpad.service - echo '[Install]' >> /etc/systemd/system/etherpad.service - echo 'WantedBy=multi-user.target' >> /etc/systemd/system/etherpad.service + { echo '[Unit]'; + echo 'Description=etherpad-lite (real-time collaborative document editing)'; + echo 'After=syslog.target network.target'; + echo ''; + echo '[Service]'; + echo 'Type=simple'; + echo 'User=etherpad'; + echo 'Group=etherpad'; + echo "WorkingDirectory=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs"; + echo "ExecStart=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/bin/run.sh"; + echo 'Restart=on-failure'; + echo 'SuccessExitStatus=3 4'; + echo 'RestartForceExitStatus=3 4'; + echo ''; + echo '[Install]'; + echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/etherpad.service chmod +x /etc/systemd/system/etherpad.service etherpad_nginx_site=/etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME if [[ $ONION_ONLY == "no" ]]; then function_check nginx_http_redirect - nginx_http_redirect $ETHERPAD_DOMAIN_NAME - echo 'server {' >> $etherpad_nginx_site - echo ' listen 443 ssl;' >> $etherpad_nginx_site - echo ' #listen [::]:443 ssl;' >> $etherpad_nginx_site - echo " server_name $ETHERPAD_DOMAIN_NAME;" >> $etherpad_nginx_site - echo '' >> $etherpad_nginx_site - echo ' # Security' >> $etherpad_nginx_site + nginx_http_redirect "$ETHERPAD_DOMAIN_NAME" + { echo 'server {'; + echo ' listen 443 ssl;'; + echo ' #listen [::]:443 ssl;'; + echo " server_name $ETHERPAD_DOMAIN_NAME;"; + echo ''; + echo ' # Security'; } >> "$etherpad_nginx_site" function_check nginx_ssl - nginx_ssl $ETHERPAD_DOMAIN_NAME + nginx_ssl "$ETHERPAD_DOMAIN_NAME" function_check nginx_disable_sniffing - nginx_disable_sniffing $ETHERPAD_DOMAIN_NAME + nginx_disable_sniffing "$ETHERPAD_DOMAIN_NAME" - echo ' add_header Strict-Transport-Security max-age=15768000;' >> $etherpad_nginx_site - echo '' >> $etherpad_nginx_site - 
echo ' # Logs' >> $etherpad_nginx_site - echo ' access_log /dev/null;' >> $etherpad_nginx_site - echo ' error_log /dev/null;' >> $etherpad_nginx_site - echo '' >> $etherpad_nginx_site - echo ' # Root' >> $etherpad_nginx_site - echo " root /var/www/$ETHERPAD_DOMAIN_NAME/htdocs;" >> $etherpad_nginx_site - echo '' >> $etherpad_nginx_site - echo ' location / {' >> $etherpad_nginx_site + { echo ' add_header Strict-Transport-Security max-age=15768000;'; + echo ''; + echo ' # Logs'; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo ' # Root'; + echo " root /var/www/$ETHERPAD_DOMAIN_NAME/htdocs;"; + echo ''; + echo ' location / {'; } >> "$etherpad_nginx_site" function_check nginx_limits - nginx_limits $ETHERPAD_DOMAIN_NAME '15m' - echo " proxy_pass http://localhost:${ETHERPAD_PORT}/;" >> $etherpad_nginx_site - echo ' proxy_set_header Host $host;' >> $etherpad_nginx_site - echo ' proxy_buffering off;' >> $etherpad_nginx_site - echo ' }' >> $etherpad_nginx_site - echo '}' >> $etherpad_nginx_site + nginx_limits "$ETHERPAD_DOMAIN_NAME" '15m' + { echo " proxy_pass http://localhost:${ETHERPAD_PORT}/;"; + echo " proxy_set_header Host \$host;"; + echo ' proxy_buffering off;'; + echo ' }'; + echo '}'; } >> "$etherpad_nginx_site" else - echo -n '' > $etherpad_nginx_site + echo -n '' > "$etherpad_nginx_site" fi - echo 'server {' >> $etherpad_nginx_site - echo " listen 127.0.0.1:$ETHERPAD_ONION_PORT default_server;" >> $etherpad_nginx_site - echo " server_name $ETHERPAD_DOMAIN_NAME;" >> $etherpad_nginx_site - echo '' >> $etherpad_nginx_site + { echo 'server {'; + echo " listen 127.0.0.1:$ETHERPAD_ONION_PORT default_server;"; + echo " server_name $ETHERPAD_ONION_HOSTNAME;"; + echo ''; } >> "$etherpad_nginx_site" function_check nginx_disable_sniffing - nginx_disable_sniffing $ETHERPAD_DOMAIN_NAME - echo '' >> $etherpad_nginx_site - echo ' # Logs' >> $etherpad_nginx_site - echo ' access_log /dev/null;' >> $etherpad_nginx_site - echo ' error_log 
/dev/null;' >> $etherpad_nginx_site - echo '' >> $etherpad_nginx_site - echo ' # Root' >> $etherpad_nginx_site - echo " root /var/www/$ETHERPAD_DOMAIN_NAME/htdocs;" >> $etherpad_nginx_site - echo '' >> $etherpad_nginx_site - echo ' location / {' >> $etherpad_nginx_site + nginx_disable_sniffing "$ETHERPAD_DOMAIN_NAME" + { echo ''; + echo ' # Logs'; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo ' # Root'; + echo " root /var/www/$ETHERPAD_DOMAIN_NAME/htdocs;"; + echo ''; + echo ' location / {'; } >> "$etherpad_nginx_site" function_check nginx_limits - nginx_limits $ETHERPAD_DOMAIN_NAME '15m' - echo " proxy_pass http://localhost:${ETHERPAD_PORT}/;" >> $etherpad_nginx_site - echo ' proxy_set_header Host $host;' >> $etherpad_nginx_site - echo ' proxy_buffering off;' >> $etherpad_nginx_site - echo ' }' >> $etherpad_nginx_site - echo '}' >> $etherpad_nginx_site + nginx_limits "$ETHERPAD_DOMAIN_NAME" '15m' + { echo " proxy_pass http://localhost:${ETHERPAD_PORT}/;"; + echo " proxy_set_header Host \$host;"; + echo ' proxy_buffering off;'; + echo ' }'; + echo '}'; } >> "$etherpad_nginx_site" function_check create_site_certificate - create_site_certificate $ETHERPAD_DOMAIN_NAME 'yes' + create_site_certificate "$ETHERPAD_DOMAIN_NAME" 'yes' - if [ -f /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.crt ]; then - mv /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.crt /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem + if [ -f "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.crt" ]; then + mv "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.crt" "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem" fi - if [ -f /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem ]; then - chown etherpad: /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem + if [ -f "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem" ]; then + chown etherpad: "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem" fi - if [ -f /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key ]; then - chown etherpad: /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key + if [ -f 
"/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key" ]; then + chown etherpad: "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key" fi usermod -a -G ssl-cert etherpad @@ -623,14 +626,14 @@ function install_etherpad { backup_database_local etherpad function_check nginx_ensite - nginx_ensite $ETHERPAD_DOMAIN_NAME + nginx_ensite "$ETHERPAD_DOMAIN_NAME" ETHERPAD_ONION_HOSTNAME=$(add_onion_service etherpad 80 ${ETHERPAD_ONION_PORT}) - ${PROJECT_NAME}-pass -u $MY_USERNAME -a etherpad -p "$ETHERPAD_ADMIN_PASSWORD" + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a etherpad -p "$ETHERPAD_ADMIN_PASSWORD" function_check add_ddns_domain - add_ddns_domain $ETHERPAD_DOMAIN_NAME + add_ddns_domain "$ETHERPAD_DOMAIN_NAME" set_completion_param "etherpad domain" "$ETHERPAD_DOMAIN_NAME" diff --git a/src/freedombone-app-fedwiki b/src/freedombone-app-fedwiki index d8b27591..8197e49a 100755 --- a/src/freedombone-app-fedwiki +++ b/src/freedombone-app-fedwiki @@ -127,7 +127,7 @@ function add_user_fedwiki { } function install_interactive_fedwiki { - if [ ! $ONION_ONLY ]; then + if [ ! "$ONION_ONLY" ]; then ONION_ONLY='no' fi @@ -148,7 +148,7 @@ function change_password_fedwiki { echo $'Fedwiki password is too short' return fi - ${PROJECT_NAME}-pass -u $FEDWIKI_USERNAME -a fedwiki -p "$FEDWIKI_PASSWORD" + "${PROJECT_NAME}-pass" -u "$FEDWIKI_USERNAME" -a fedwiki -p "$FEDWIKI_PASSWORD" sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service sed -i "s|\"secret\":.*|\"secret\": \"${FEDWIKI_PASSWORD}\"|g" ${FEDWIKI_DATA}/status/owner.json systemctl daemon-reload 
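Review bot: `ETHERPAD_ONION_HOSTNAME` is only assigned in this hunk, by `add_onion_service`, yet the earlier hunk in this file changes the onion server block to write `server_name $ETHERPAD_ONION_HOSTNAME;` into the nginx site file before this point. Unless the variable is already set somewhere outside the visible lines, a first install would emit an empty `server_name ;`, which nginx is likely to reject when the site is enabled. Either obtain the hostname before the site file is generated, or keep `$ETHERPAD_DOMAIN_NAME` in that block as before. Both hunks appear to sit inside `install_etherpad`, whose body starts and ends outside them.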
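Review bot: The two `sed -i` lines after the newly quoted `-pass` call in `change_password_fedwiki` still splice `$FEDWIKI_PASSWORD` straight into a `|`-delimited replacement, and the only validation visible in this hunk is the minimum-length test. A password containing `|`, `&` or a backslash makes sed fail or write a different secret into `fedwiki.service` and `owner.json` than the one just stored, and a quote character breaks the quoting of the target line. Reject or escape those characters before use, for example `[[ "$FEDWIKI_PASSWORD" =~ ^[A-Za-z0-9]+$ ]] || return`. `${FEDWIKI_DATA}/status/owner.json` on the second sed line is also still unquoted, and the function continues outside the hunk.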
@@ -177,12 +177,12 @@ function upgrade_fedwiki { function backup_local_fedwiki { FEDWIKI_DOMAIN_NAME='fedwiki.local' - if grep -q "fedwiki domain" $COMPLETION_FILE; then + if grep -q "fedwiki domain" "$COMPLETION_FILE"; then FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain") fi systemctl stop fedwiki - suspend_site ${FEDWIKI_DOMAIN_NAME} + suspend_site "${FEDWIKI_DOMAIN_NAME}" fedwiki_path=$FEDWIKI_DATA if [ -d $fedwiki_path ]; then @@ -195,11 +195,11 @@ function backup_local_fedwiki { function restore_local_fedwiki { FEDWIKI_DOMAIN_NAME='fedwiki.local' - if grep -q "fedwiki domain" $COMPLETION_FILE; then + if grep -q "fedwiki domain" "$COMPLETION_FILE"; then FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain") fi - if [ $FEDWIKI_DOMAIN_NAME ]; then - suspend_site ${FEDWIKI_DOMAIN_NAME} + if [ "$FEDWIKI_DOMAIN_NAME" ]; then + suspend_site "${FEDWIKI_DOMAIN_NAME}" systemctl stop fedwiki temp_restore_dir=/root/tempfedwiki @@ -215,8 +215,8 @@ function restore_local_fedwiki { rm -rf $temp_restore_dir fi - FEDWIKI_PASSWORD=$(cat ${FEDWIKI_DATA}/status/owner.json | grep secret | awk -F '"' '{print $4}') - ${PROJECT_NAME}-pass -u $FEDWIKI_USERNAME -a fedwiki -p "$FEDWIKI_PASSWORD" + FEDWIKI_PASSWORD=$(grep secret "${FEDWIKI_DATA}/status/owner.json" | awk -F '"' '{print $4}') + "${PROJECT_NAME}-pass" -u "$FEDWIKI_USERNAME" -a fedwiki -p "$FEDWIKI_PASSWORD" sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service write_config_param "FEDWIKI_COOKIE" "$FEDWIKI_PASSWORD" systemctl daemon-reload 
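Review bot: `grep secret` in the new `FEDWIKI_PASSWORD=$(grep secret ... | awk -F '"' '{print $4}')` of `restore_local_fedwiki` matches every line of `owner.json` that contains the word, so a `name` value containing "secret" yields a two-line password that is then passed to `-pass` and spliced into `fedwiki.service`. Anchoring on the key and taking the first match is safer: `grep -m1 '"secret":' "${FEDWIKI_DATA}/status/owner.json" | awk -F '"' '{print $4}'`. The same line appears in `restore_remote_fedwiki` (hunk at -268). It would also be worth returning early when the result is empty, so that a missing or unreadable file does not install an empty cookie secret.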
@@ -227,12 +227,12 @@ function restore_local_fedwiki { function backup_remote_fedwiki { FEDWIKI_DOMAIN_NAME='fedwiki.local' - if grep -q "fedwiki domain" $COMPLETION_FILE; then + if grep -q "fedwiki domain" "$COMPLETION_FILE"; then FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain") fi systemctl stop fedwiki - suspend_site ${FEDWIKI_DOMAIN_NAME} + suspend_site "${FEDWIKI_DOMAIN_NAME}" temp_backup_dir=$FEDWIKI_DATA if [ -d $temp_backup_dir ]; then @@ -248,12 +248,12 @@ function backup_remote_fedwiki { function restore_remote_fedwiki { FEDWIKI_DOMAIN_NAME='fedwiki.local' - if grep -q "fedwiki domain" $COMPLETION_FILE; then + if grep -q "fedwiki domain" "$COMPLETION_FILE"; then FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain") fi systemctl stop fedwiki - suspend_site ${FEDWIKI_DOMAIN_NAME} + suspend_site "${FEDWIKI_DOMAIN_NAME}" temp_restore_dir=/root/tempfedwiki function_check restore_directory_from_friend @@ -268,8 +268,8 @@ function restore_remote_fedwiki { rm -rf $temp_restore_dir fi - FEDWIKI_PASSWORD=$(cat ${FEDWIKI_DATA}/status/owner.json | grep secret | awk -F '"' '{print $4}') - ${PROJECT_NAME}-pass -u $FEDWIKI_USERNAME -a fedwiki -p "$FEDWIKI_PASSWORD" + FEDWIKI_PASSWORD=$(grep secret "${FEDWIKI_DATA}/status/owner.json" | awk -F '"' '{print $4}') + "${PROJECT_NAME}-pass" -u "$FEDWIKI_USERNAME" -a fedwiki -p "$FEDWIKI_PASSWORD" sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service write_config_param "FEDWIKI_COOKIE" "$FEDWIKI_PASSWORD" systemctl daemon-reload 
@@ -294,20 +294,20 @@ function remove_fedwiki { remove_nodejs fedwiki read_config_param "FEDWIKI_DOMAIN_NAME" - nginx_dissite $FEDWIKI_DOMAIN_NAME - remove_certs ${FEDWIKI_DOMAIN_NAME} - if [ -f /etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME ]; then - rm -f /etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME + nginx_dissite "$FEDWIKI_DOMAIN_NAME" + remove_certs "${FEDWIKI_DOMAIN_NAME}" + if [ -f "/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME" ]; then + rm -f "/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME" fi - if [ -d /var/www/$FEDWIKI_DOMAIN_NAME ]; then - rm -rf /var/www/$FEDWIKI_DOMAIN_NAME + if [ -d "/var/www/$FEDWIKI_DOMAIN_NAME" ]; then + rm -rf "/var/www/$FEDWIKI_DOMAIN_NAME" fi remove_config_param FEDWIKI_DOMAIN_NAME remove_config_param FEDWIKI_CODE function_check remove_onion_service remove_onion_service fedwiki ${FEDWIKI_ONION_PORT} remove_completion_param "install_fedwiki" - sed -i '/fedwiki/d' $COMPLETION_FILE + sed -i '/fedwiki/d' "$COMPLETION_FILE" groupdel -f fedwiki userdel -r fedwiki 
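Review bot: `rm -rf "/var/www/$FEDWIKI_DOMAIN_NAME"` is guarded only by `[ -d ... ]`, which is also true for `/var/www/` itself when `read_config_param` leaves `FEDWIKI_DOMAIN_NAME` empty, so quoting alone does not make this deletion safe. Use `rm -rf "/var/www/${FEDWIKI_DOMAIN_NAME:?}"` or return early on an empty name, as `remove_friendica` later in this diff does with its `${#FRIENDICA_DOMAIN_NAME} -eq 0` test. `${FEDWIKI_ONION_PORT}` a few lines below is still unquoted. The function starts and ends outside the hunk.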
@@ -317,101 +317,102 @@ function remove_fedwiki { fi function_check remove_ddns_domain - remove_ddns_domain $FEDWIKI_DOMAIN_NAME + remove_ddns_domain "$FEDWIKI_DOMAIN_NAME" } function fedwiki_setup_web { - fedwiki_nginx_file=/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME + fedwiki_nginx_file="/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME" - if [[ $ONION_ONLY == "no" ]]; then - echo 'server {' > $fedwiki_nginx_file - echo ' listen 80;' >> $fedwiki_nginx_file - echo ' listen [::]:80;' >> $fedwiki_nginx_file - echo " server_name $FEDWIKI_DOMAIN_NAME;" >> $fedwiki_nginx_file - echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> $fedwiki_nginx_file - echo '}' >> $fedwiki_nginx_file - echo '' >> $fedwiki_nginx_file - echo 'server {' >> $fedwiki_nginx_file - echo ' listen 443 ssl;' >> $fedwiki_nginx_file - echo ' #listen [::]:443 ssl;' >> $fedwiki_nginx_file - echo " server_name $FEDWIKI_DOMAIN_NAME;" >> $fedwiki_nginx_file - echo '' >> $fedwiki_nginx_file + if [[ "$ONION_ONLY" == "no" ]]; then + { echo 'server {'; + echo ' listen 80;'; + echo ' listen [::]:80;'; + echo " server_name $FEDWIKI_DOMAIN_NAME;"; + echo " rewrite ^ https://\$server_name\$request_uri? 
permanent;"; + echo '}'; + echo ''; + echo 'server {'; + echo ' listen 443 ssl;'; + echo ' #listen [::]:443 ssl;'; + echo " server_name $FEDWIKI_DOMAIN_NAME;"; + echo ''; } > "$fedwiki_nginx_file" function_check nginx_ssl - nginx_ssl $FEDWIKI_DOMAIN_NAME mobile + nginx_ssl "$FEDWIKI_DOMAIN_NAME" mobile - sed -i '/Content-Security-Policy/d' $fedwiki_nginx_file - sed -i '/X-XSS-Protection/d' $fedwiki_nginx_file - sed -i '/X-Robots-Tag/d' $fedwiki_nginx_file - sed -i '/X-Download-Options/d' $fedwiki_nginx_file - sed -i '/X-Permitted-Cross-Domain-Policies/d' $fedwiki_nginx_file + sed -i '/Content-Security-Policy/d' "$fedwiki_nginx_file" + sed -i '/X-XSS-Protection/d' "$fedwiki_nginx_file" + sed -i '/X-Robots-Tag/d' "$fedwiki_nginx_file" + sed -i '/X-Download-Options/d' "$fedwiki_nginx_file" + sed -i '/X-Permitted-Cross-Domain-Policies/d' "$fedwiki_nginx_file" - echo ' add_header X-Robots-Tag none;' >> $fedwiki_nginx_file - echo ' add_header X-Download-Options noopen;' >> $fedwiki_nginx_file - echo ' add_header X-Frame-Options DENY;' >> $fedwiki_nginx_file - echo ' add_header X-Content-Type-Options nosniff;' >> $fedwiki_nginx_file - echo ' add_header Strict-Transport-Security max-age=15768000;' >> $fedwiki_nginx_file - echo '' >> $fedwiki_nginx_file - echo ' location /fonts-font-awesome/ {' >> $fedwiki_nginx_file - echo ' alias /usr/share/fonts-font-awesome/;' >> $fedwiki_nginx_file - echo ' }' >> $fedwiki_nginx_file - echo '' >> $fedwiki_nginx_file - echo ' location / {' >> $fedwiki_nginx_file - echo " proxy_pass http://localhost:${FEDWIKI_PORT};" >> $fedwiki_nginx_file - echo ' proxy_set_header X-Real-IP $remote_addr;' >> $fedwiki_nginx_file - echo ' proxy_set_header Host $host;' >> $fedwiki_nginx_file - echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $fedwiki_nginx_file - echo ' client_max_body_size 1M;' >> $fedwiki_nginx_file - echo ' }' >> $fedwiki_nginx_file - echo '}' >> $fedwiki_nginx_file - echo '' >> $fedwiki_nginx_file + { echo ' 
add_header X-Robots-Tag none;'; + echo ' add_header X-Download-Options noopen;'; + echo ' add_header X-Frame-Options DENY;'; + echo ' add_header X-Content-Type-Options nosniff;'; + echo ' add_header Strict-Transport-Security max-age=15768000;'; + echo ''; + echo ' location /fonts-font-awesome/ {'; + echo ' alias /usr/share/fonts-font-awesome/;'; + echo ' }'; + echo ''; + echo ' location / {'; + echo " proxy_pass http://localhost:${FEDWIKI_PORT};"; + echo " proxy_set_header X-Real-IP \$remote_addr;"; + echo " proxy_set_header Host \$host;"; + echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;"; + echo ' client_max_body_size 1M;'; + echo ' }'; + echo '}'; + echo ''; } >> "$fedwiki_nginx_file" else - echo -n '' > $fedwiki_nginx_file + echo -n '' > "$fedwiki_nginx_file" fi - echo 'server {' >> $fedwiki_nginx_file - echo " listen 127.0.0.1:$FEDWIKI_ONION_PORT default_server;" >> $fedwiki_nginx_file - echo " server_name $FEDWIKI_ONION_HOSTNAME;" >> $fedwiki_nginx_file - echo '' >> $fedwiki_nginx_file - echo ' add_header X-Robots-Tag none;' >> $fedwiki_nginx_file - echo ' add_header X-Download-Options noopen;' >> $fedwiki_nginx_file - echo ' add_header X-Frame-Options DENY;' >> $fedwiki_nginx_file - echo ' add_header X-Content-Type-Options nosniff;' >> $fedwiki_nginx_file - echo '' >> $fedwiki_nginx_file - echo ' location /fonts-font-awesome/ {' >> $fedwiki_nginx_file - echo ' alias /usr/share/fonts-font-awesome/;' >> $fedwiki_nginx_file - echo ' }' >> $fedwiki_nginx_file - echo '' >> $fedwiki_nginx_file - echo ' location / {' >> $fedwiki_nginx_file - echo " proxy_pass http://localhost:${FEDWIKI_PORT};" >> $fedwiki_nginx_file - echo ' proxy_set_header X-Real-IP $remote_addr;' >> $fedwiki_nginx_file - echo ' proxy_set_header Host $host;' >> $fedwiki_nginx_file - echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $fedwiki_nginx_file - echo ' client_max_body_size 1M;' >> $fedwiki_nginx_file - echo ' }' >> $fedwiki_nginx_file - echo '}' 
>> $fedwiki_nginx_file + { echo 'server {'; + echo " listen 127.0.0.1:$FEDWIKI_ONION_PORT default_server;"; + echo " server_name $FEDWIKI_ONION_HOSTNAME;"; + echo ''; + echo ' add_header X-Robots-Tag none;'; + echo ' add_header X-Download-Options noopen;'; + echo ' add_header X-Frame-Options DENY;'; + echo ' add_header X-Content-Type-Options nosniff;'; + echo ''; + echo ' location /fonts-font-awesome/ {'; + echo ' alias /usr/share/fonts-font-awesome/;'; + echo ' }'; + echo ''; + echo ' location / {'; + echo " proxy_pass http://localhost:${FEDWIKI_PORT};"; + echo " proxy_set_header X-Real-IP \$remote_addr;"; + echo " proxy_set_header Host \$host;"; + echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;"; + echo ' client_max_body_size 1M;'; + echo ' }'; + echo '}'; } >> "$fedwiki_nginx_file" function_check create_site_certificate - create_site_certificate $FEDWIKI_DOMAIN_NAME 'yes' + create_site_certificate "$FEDWIKI_DOMAIN_NAME" 'yes' function_check nginx_ensite - nginx_ensite $FEDWIKI_DOMAIN_NAME + nginx_ensite "$FEDWIKI_DOMAIN_NAME" } function install_fedwiki { - if [[ $VARIANT == "mesh"* ]]; then + # shellcheck disable=SC2153 + if [[ "$VARIANT" == "mesh"* ]]; then return fi - if [ ! $ONION_ONLY ]; then + if [ ! "$ONION_ONLY" ]; then ONION_ONLY='no' fi - if [ ! $FEDWIKI_DOMAIN_NAME ]; then + if [ ! "$FEDWIKI_DOMAIN_NAME" ]; then echo $'The fedwiki domain name was not specified' exit 893635 fi - if [ ! -d /var/www/$FEDWIKI_DOMAIN_NAME/htdocs ]; then - mkdir -p /var/www/$FEDWIKI_DOMAIN_NAME/htdocs + if [ ! -d "/var/www/$FEDWIKI_DOMAIN_NAME/htdocs" ]; then + mkdir -p "/var/www/$FEDWIKI_DOMAIN_NAME/htdocs" fi if [ ! -d $FEDWIKI_DATA ]; then 
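Review bot: The five `sed -i '/.../d'` lines in `fedwiki_setup_web` strip `Content-Security-Policy`, `X-XSS-Protection` and `X-Permitted-Cross-Domain-Policies` from whatever `nginx_ssl` (defined elsewhere) wrote, and the block that follows re-adds only `X-Robots-Tag`, `X-Download-Options` and the framing, sniffing and HSTS headers. Nothing in the hunk says why the TLS site ends up without a CSP, so a comment above the deletions would help, for example `# nginx_ssl's default CSP is removed deliberately: REASON`, with the actual reason filled in. The new `# shellcheck disable=SC2153` in `install_fedwiki` would likewise benefit from a short justification on the same line.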
@@ -429,14 +430,12 @@ function install_fedwiki { apt-get -yq install fonts-font-awesome - npm install -g wiki@$FEDWIKI_VERSION - if [ ! "$?" = "0" ]; then + if ! npm install -g wiki@$FEDWIKI_VERSION; then echo $'Failed to install fedwiki' exit 6293523 fi - npm install -g wiki-security-friends@0.1.0 - if [ ! "$?" = "0" ]; then + if ! npm install -g wiki-security-friends@0.1.0; then echo $'Failed to install wiki-security-friends' exit 783533 fi 
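Review bot: `wiki@$FEDWIKI_VERSION` is still unquoted and unchecked in the rewritten `if ! npm install -g ...` test, so an empty or unset `FEDWIKI_VERSION` would ask npm for a bare `wiki@`, which presumably resolves to whatever is current rather than the pinned release. Quote it and fail early: `if ! npm install -g "wiki@${FEDWIKI_VERSION:?}"; then`. Separately, `exit 6293523` and `exit 783533` are outside the 0-255 range, so a caller only sees the low eight bits of those codes.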
@@ -457,44 +456,44 @@ function install_fedwiki { FEDWIKI_COOKIE="$(create_password 20)" fi - echo '[Unit]' > /etc/systemd/system/fedwiki.service - echo 'Description=Fedwiki federated wiki' >> /etc/systemd/system/fedwiki.service - echo 'After=syslog.target' >> /etc/systemd/system/fedwiki.service - echo 'After=network.target' >> /etc/systemd/system/fedwiki.service - echo '' >> /etc/systemd/system/fedwiki.service - echo '[Service]' >> /etc/systemd/system/fedwiki.service - echo 'User=fedwiki' >> /etc/systemd/system/fedwiki.service - echo 'Group=fedwiki' >> /etc/systemd/system/fedwiki.service - echo "WorkingDirectory=/usr/local/lib/node_modules/wiki" >> /etc/systemd/system/fedwiki.service - echo "ExecStart=/usr/local/bin/wiki --security_type friends --session_duration 7 --data $FEDWIKI_DATA -p $FEDWIKI_PORT --cookieSecret '${FEDWIKI_COOKIE}'" >> /etc/systemd/system/fedwiki.service - echo 'StandardOutput=syslog' >> /etc/systemd/system/fedwiki.service - echo 'StandardError=syslog' >> /etc/systemd/system/fedwiki.service - echo 'SyslogIdentifier=fedwiki' >> /etc/systemd/system/fedwiki.service - echo 'Restart=always' >> /etc/systemd/system/fedwiki.service - echo "Environment=NODE_ENV=production" >> /etc/systemd/system/fedwiki.service - echo '' >> /etc/systemd/system/fedwiki.service - echo '[Install]' >> /etc/systemd/system/fedwiki.service - echo 'WantedBy=multi-user.target' >> /etc/systemd/system/fedwiki.service + { echo '[Unit]'; + echo 'Description=Fedwiki federated wiki'; + echo 'After=syslog.target'; + echo 'After=network.target'; + echo ''; + echo '[Service]'; + echo 'User=fedwiki'; + echo 'Group=fedwiki'; + echo "WorkingDirectory=/usr/local/lib/node_modules/wiki"; + echo "ExecStart=/usr/local/bin/wiki --security_type friends --session_duration 7 --data $FEDWIKI_DATA -p $FEDWIKI_PORT --cookieSecret '${FEDWIKI_COOKIE}'"; + echo 'StandardOutput=syslog'; + echo 'StandardError=syslog'; + echo 'SyslogIdentifier=fedwiki'; + echo 'Restart=always'; + echo 
"Environment=NODE_ENV=production"; + echo ''; + echo '[Install]'; + echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/fedwiki.service if [ ! -d ${FEDWIKI_DATA}/status ]; then mkdir -p ${FEDWIKI_DATA}/status fi fedwiki_auth_file=${FEDWIKI_DATA}/status/owner.json - echo '{' > $fedwiki_auth_file - echo " \"name\": \"${MY_USERNAME}\"," >> $fedwiki_auth_file - echo ' "friend": {' >> $fedwiki_auth_file - echo " \"secret\": \"${FEDWIKI_COOKIE}\"" >> $fedwiki_auth_file - echo ' }' >> $fedwiki_auth_file - echo '}' >> $fedwiki_auth_file + { echo '{'; + echo " \"name\": \"${MY_USERNAME}\","; + echo ' "friend": {'; + echo " \"secret\": \"${FEDWIKI_COOKIE}\""; + echo ' }'; + echo '}'; } > $fedwiki_auth_file chown -R fedwiki:fedwiki $FEDWIKI_DATA fedwiki_setup_web - ${PROJECT_NAME}-pass -u $MY_USERNAME -a fedwiki -p "$FEDWIKI_COOKIE" + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a fedwiki -p "$FEDWIKI_COOKIE" function_check add_ddns_domain - add_ddns_domain $FEDWIKI_DOMAIN_NAME + add_ddns_domain "$FEDWIKI_DOMAIN_NAME" fedwiki_remove_bad_links diff --git a/src/freedombone-app-friendica b/src/freedombone-app-friendica index db1ad7bc..fab6bcf0 100755 --- a/src/freedombone-app-friendica +++ b/src/freedombone-app-friendica @@ -60,7 +60,7 @@ function logging_off_friendica { function remove_user_friendica { remove_username="$1" - ${PROJECT_NAME}-pass -u $remove_username --rmapp friendica + "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp friendica } function add_user_friendica { 
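Review bot: The regrouped `{ ... } > /etc/systemd/system/fedwiki.service` block still writes `--cookieSecret '${FEDWIKI_COOKIE}'` into `ExecStart`, so the secret ends up in a unit file created with the default umask and in the argument list of the running `wiki` process. `owner.json` is created the same way and only `chown`ed afterwards. Consider `chmod 600 "$fedwiki_auth_file"` right after it is written and, if `wiki` can read the secret from a file or the environment (not visible here), moving it out of `ExecStart`. `$fedwiki_auth_file` and `${FEDWIKI_DATA}` are also left unquoted in this hunk.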
@@ -71,27 +71,26 @@ function add_user_friendica { new_username="$1" new_user_password="$2" - ${PROJECT_NAME}-pass -u $new_username -a friendica -p "$new_user_password" + "${PROJECT_NAME}-pass" -u "$new_username" -a friendica -p "$new_user_password" echo '0' } function friendica_renew_cert { dialog --title $"Renew SSL certificate" \ --backtitle $"Freedombone Control Panel" \ - --yesno $"\nThis will renew a letsencrypt certificate. Select 'yes' to continue" 16 60 + --yesno $"\\nThis will renew a letsencrypt certificate. Select 'yes' to continue" 16 60 sel=$? case $sel in 1) return;; 255) return;; esac FRIENDICA_DOMAIN_NAME=$(get_completion_param "friendica domain") - if [ ! -d /var/www/$FRIENDICA_DOMAIN_NAME/htdocs ]; then + if [ ! -d "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs" ]; then dialog --title $"Renew SSL certificate" \ --msgbox $"Friendica install directory not found" 6 40 return fi - ${PROJECT_NAME}-renew-cert -h $FRIENDICA_DOMAIN_NAME -p 'letsencrypt' - if [ ! "$?" = "0" ]; then + if ! "${PROJECT_NAME}-renew-cert" -h "$FRIENDICA_DOMAIN_NAME" -p 'letsencrypt'; then any_key else dialog --title $"Renew SSL certificate" \ 
@@ -100,52 +99,54 @@ function friendica_renew_cert { } function friendica_channel_directory_server { - if ! grep -q "friendica domain" $COMPLETION_FILE; then + if ! grep -q "friendica domain" "$COMPLETION_FILE"; then dialog --title $"Friendica channel directory server" \ --msgbox $"Friendica is not installed on this system" 6 40 return fi FRIENDICA_DOMAIN_NAME=$(get_completion_param "friendica domain") - if [ ! -d /var/www/$FRIENDICA_DOMAIN_NAME/htdocs ]; then + if [ ! -d "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs" ]; then dialog --title $"Friendica channel directory server" \ --msgbox $"Friendica install directory not found" 6 40 return fi - CURR_DIR_SERVER=$(cat /var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php | grep directory | awk -F "'" '{print $6}') + CURR_DIR_SERVER=$(grep directory "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php" | awk -F "'" '{print $6}') - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --title $"Friendica channel directory server" \ --backtitle $"Freedombone Control Panel" \ - --inputbox $"When you click on 'channel directory' this is where Friendica will obtain its list from" 8 60 "$CURR_DIR_SERVER" 2>$data + --inputbox $"When you click on 'channel directory' this is where Friendica will obtain its list from" 8 60 "$CURR_DIR_SERVER" 2>"$data" sel=$? 
case $sel in 0) - friendica_domain_server=$(<$data) + friendica_domain_server=$(<"$data") if [[ "$friendica_domain_server" != *"."* ]]; then + rm -f "$data" return fi if [[ "$friendica_domain_server" != "http"* ]]; then dialog --title $"Friendica channel directory server" \ --msgbox $"Invalid domain - include the https://" 6 40 + rm -f "$data" return fi - sed -i "s|\['directory'\] = .*|\['directory'\] = \'$friendica_domain_server\';|g" /var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php + sed -i "s|\['directory'\] = .*|\['directory'\] = \'$friendica_domain_server\';|g" "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php" dialog --title $"Friendica channel directory server" \ --msgbox $"Domain channel directory server changed to $friendica_domain_server" 6 40 ;; esac + rm -f "$data" } function friendica_close_registrations { - sed -i "s|REGISTER_OPEN|REGISTER_CLOSED|g" /var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php + sed -i "s|REGISTER_OPEN|REGISTER_CLOSED|g" "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php" dialog --title $"Friendica Account Registrations" \ --msgbox $"New registrations are now closed" 6 40 } function friendica_allow_registrations { - sed -i "s|REGISTER_CLOSED|REGISTER_OPEN|g" /var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php + sed -i "s|REGISTER_CLOSED|REGISTER_OPEN|g" "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php" dialog --title $"Friendica Account Registrations" \ --msgbox $"New registrations are permitted" 6 40 } @@ -153,8 +154,7 @@ function friendica_allow_registrations { function configure_interactive_friendica { while true do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --backtitle $"Freedombone Control Panel" \ --title $"Friendica" \ --radiolist $"Choose an operation:" 15 70 6 \ 
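Review bot: `$friendica_domain_server` in `friendica_channel_directory_server` comes straight from the dialog input box and is spliced into both the sed expression and a single-quoted PHP string in `.htconfig.php`, while the only checks are that it contains a `.` and starts with `http`. A value containing `'` ends the PHP string early and a `|` breaks the sed command, so the input should be matched against a strict pattern before use, e.g. `[[ "$friendica_domain_server" =~ ^https?://[A-Za-z0-9.-]+(:[0-9]+)?(/[A-Za-z0-9._~/-]*)?$ ]] || { rm -f "$data"; return; }`. The message "include the https://" also does not match the `"http"*` test, which accepts plain http.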
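Review bot: `data=$(mktemp 2>/dev/null)` in `configure_interactive_friendica` replaces `tempfile` plus the `trap`, but its failure is not checked and nothing removes the file if the script is interrupted while `dialog` is open. Add `|| break` after the assignment, and consider keeping a cleanup trap whose variable is expanded when it fires, `trap 'rm -f "$data"' 0 1 2 5 15`. The same applies to the `mktemp` call in `friendica_channel_directory_server` in the previous hunk, where `|| return` fits. The loop body continues in the next hunk.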
@@ -162,19 +162,21 @@ function configure_interactive_friendica { 2 $"Renew SSL certificate" off \ 3 $"Close new account registrations" off \ 4 $"Allow new account registrations" off \ - 5 $"Back to main menu" on 2> $data + 5 $"Back to main menu" on 2> "$data" sel=$? case $sel in 1) break;; 255) break;; esac - case $(cat $data) in + case $(cat "$data") in 1) friendica_channel_directory_server;; 2) friendica_renew_cert;; 3) friendica_close_registrations;; 4) friendica_allow_registrations;; - 5) break;; + 5) rm -f "$data" + break;; esac + rm -f "$data" done } @@ -190,7 +192,7 @@ function install_interactive_friendica { } function change_password_friendica { - FRIENDICA_USERNAME="$1" + #FRIENDICA_USERNAME="$1" FRIENDICA_PASSWORD="$2" if [ ${#FRIENDICA_PASSWORD} -lt 8 ]; then echo $'Friendica password is too short' @@ -201,14 +203,14 @@ function change_password_friendica { } function friendica_create_database { - if [ -f $IMAGE_PASSWORD_FILE ]; then - FRIENDICA_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + if [ -f "$IMAGE_PASSWORD_FILE" ]; then + FRIENDICA_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")" fi - if [ ! $FRIENDICA_ADMIN_PASSWORD ]; then - FRIENDICA_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + if [ ! "$FRIENDICA_ADMIN_PASSWORD" ]; then + FRIENDICA_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")" fi - ${PROJECT_NAME}-pass -u $MY_USERNAME -a friendica -p "$FRIENDICA_ADMIN_PASSWORD" - if [ ! $FRIENDICA_ADMIN_PASSWORD ]; then + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a friendica -p "$FRIENDICA_ADMIN_PASSWORD" + if [ ! "$FRIENDICA_ADMIN_PASSWORD" ]; then return fi 
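Review bot: In `friendica_create_database` the password is handed to `"${PROJECT_NAME}-pass" ... -p "$FRIENDICA_ADMIN_PASSWORD"` before the `if [ ! "$FRIENDICA_ADMIN_PASSWORD" ]; then return` test, so an empty value (for example if `create_password` fails) is stored first and rejected afterwards. Move the emptiness check above the `-pass` call. The new `"$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"` correctly stops treating the file content as a format string, but `$(<"$IMAGE_PASSWORD_FILE")` says the same thing without the extra processes. The function continues past the hunk.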
@@ -229,17 +231,17 @@ function upgrade_friendica { FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs function_check set_repo_commit - set_repo_commit $FRIENDICA_PATH "friendica commit" "$FRIENDICA_COMMIT" $FRIENDICA_REPO - set_repo_commit $FRIENDICA_PATH/addon "friendica addons commit" "$FRIENDICA_ADDONS_COMMIT" $FRIENDICA_ADDONS_REPO + set_repo_commit "$FRIENDICA_PATH" "friendica commit" "$FRIENDICA_COMMIT" $FRIENDICA_REPO + set_repo_commit "$FRIENDICA_PATH/addon" "friendica addons commit" "$FRIENDICA_ADDONS_COMMIT" $FRIENDICA_ADDONS_REPO } function backup_local_friendica { - friendica_path=/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs - if [ -d $friendica_path ]; then + friendica_path="/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs" + if [ -d "$friendica_path" ]; then function_check backup_database_to_usb backup_database_to_usb friendica - backup_directory_to_usb $friendica_path friendica + backup_directory_to_usb "$friendica_path" friendica fi } 
@@ -250,31 +252,31 @@ function restore_local_friendica { function_check friendica_create_database friendica_create_database - restore_database friendica ${FRIENDICA_DOMAIN_NAME} - if [ -d $USB_MOUNT/backup/friendica ]; then - if [ ! -d $friendica_dir/store/[data]/smarty3 ]; then - mkdir -p $friendica_dir/store/[data]/smarty3 + restore_database friendica "${FRIENDICA_DOMAIN_NAME}" + if [ -d "$USB_MOUNT/backup/friendica" ]; then + if [ ! -d "$friendica_dir/store/[data]/smarty3" ]; then + mkdir -p "$friendica_dir/store/[data]/smarty3" fi - chmod 1777 $friendica_dir/store/[data]/smarty3 - chown -R www-data:www-data $friendica_dir/* + chmod 1777 "$friendica_dir/store/[data]/smarty3" + chown -R www-data:www-data "$friendica_dir/*" if [ -d $temp_restore_dir ]; then rm -rf $temp_restore_dir fi - MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) + MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb) FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs - sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $FRIENDICA_PATH/.htconfig.php + sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" "$FRIENDICA_PATH/.htconfig.php" MARIADB_PASSWORD= fi } function backup_remote_friendica { - temp_backup_dir=/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs - if [ -d $temp_backup_dir ]; then - suspend_site ${FRIENDICA_DOMAIN_NAME} + temp_backup_dir="/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs" + if [ -d "$temp_backup_dir" ]; then + suspend_site "${FRIENDICA_DOMAIN_NAME}" backup_database_to_friend friendica echo "Backing up Friendica installation" - backup_directory_to_friend $temp_backup_dir friendica + backup_directory_to_friend "$temp_backup_dir" friendica restart_site echo "Backup of Friendica complete" else 
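Review bot: Quoting the whole argument in `chown -R www-data:www-data "$friendica_dir/*"` turns the `*` into a literal file name, so the restored tree is no longer re-owned and `chown` will most likely fail on a missing path. Keep the glob outside the quotes, `chown -R www-data:www-data "$friendica_dir"/*`, or chown the directory itself. `restore_remote_friendica` (hunk at -289) has the same regression in `"/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/*"`. `$temp_restore_dir` in the `rm -rf` below is still unquoted.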
@@ -289,21 +291,21 @@ function restore_remote_friendica { function_check friendica_create_database friendica_create_database - restore_database_from_friend friendica ${FRIENDICA_DOMAIN_NAME} - if [ -d $SERVER_DIRECTORY/backup/friendica ]; then - if [ ! -d /var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3 ]; then - mkdir -p /var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3 + restore_database_from_friend friendica "${FRIENDICA_DOMAIN_NAME}" + if [ -d "$SERVER_DIRECTORY/backup/friendica" ]; then + if [ ! -d "/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3" ]; then + mkdir -p "/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3" fi - chmod 1777 /var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3 - chown -R www-data:www-data /var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/* + chmod 1777 "/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3" + chown -R www-data:www-data "/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/*" fi if [ -d /root/tempfriendica ]; then rm -rf /root/tempfriendica fi - MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) - FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs - sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $FRIENDICA_PATH/.htconfig.php + MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb) + FRIENDICA_PATH="/var/www/$FRIENDICA_DOMAIN_NAME/htdocs" + sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" "$FRIENDICA_PATH/.htconfig.php" MARIADB_PASSWORD= } 
@@ -311,35 +313,35 @@ function remove_friendica { if [ ${#FRIENDICA_DOMAIN_NAME} -eq 0 ]; then return fi - nginx_dissite $FRIENDICA_DOMAIN_NAME - remove_certs ${FRIENDICA_DOMAIN_NAME} - if [ -d /var/www/$FRIENDICA_DOMAIN_NAME ]; then - rm -rf /var/www/$FRIENDICA_DOMAIN_NAME + nginx_dissite "$FRIENDICA_DOMAIN_NAME" + remove_certs "${FRIENDICA_DOMAIN_NAME}" + if [ -d "/var/www/$FRIENDICA_DOMAIN_NAME" ]; then + rm -rf "/var/www/$FRIENDICA_DOMAIN_NAME" fi - if [ -f /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME ]; then - rm /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME + if [ -f "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME" ]; then + rm "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME" fi function_check drop_database drop_database friendica function_check remove_onion_service remove_onion_service friendica ${FRIENDICA_ONION_PORT} - sed -i '/friendica/d' $COMPLETION_FILE + sed -i '/friendica/d' "$COMPLETION_FILE" sed -i '/poller.php/d' /etc/crontab function_check remove_ddns_domain - remove_ddns_domain $FRIENDICA_DOMAIN_NAME + remove_ddns_domain "$FRIENDICA_DOMAIN_NAME" } function install_friendica { - if [ ! $FRIENDICA_DOMAIN_NAME ]; then + if [ ! "$FRIENDICA_DOMAIN_NAME" ]; then return fi - if [[ $ONION_ONLY != "no" ]]; then + if [[ "$ONION_ONLY" != "no" ]]; then return fi - FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs + FRIENDICA_PATH="/var/www/$FRIENDICA_DOMAIN_NAME/htdocs" function_check install_mariadb install_mariadb 
@@ -354,38 +356,38 @@ function install_friendica { apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl apt-get -yq install php-memcached - if [ ! -d /var/www/$FRIENDICA_DOMAIN_NAME ]; then - mkdir /var/www/$FRIENDICA_DOMAIN_NAME + if [ ! -d "/var/www/$FRIENDICA_DOMAIN_NAME" ]; then + mkdir "/var/www/$FRIENDICA_DOMAIN_NAME" fi - if [ ! -d $FRIENDICA_PATH ]; then - mkdir $FRIENDICA_PATH + if [ ! -d "$FRIENDICA_PATH" ]; then + mkdir "$FRIENDICA_PATH" fi - if [ ! -f $FRIENDICA_PATH/index.php ]; then - cd $INSTALL_DIR + if [ ! -f "$FRIENDICA_PATH/index.php" ]; then + cd "$INSTALL_DIR" || exit 2346824864 if [ -d /repos/friendica ]; then mkdir friendica cp -r -p /repos/friendica/. friendica - cd friendica + cd friendica || exit 24682462 git pull else function_check git_clone - git_clone $FRIENDICA_REPO friendica + git_clone "$FRIENDICA_REPO" friendica fi git checkout $FRIENDICA_COMMIT -b $FRIENDICA_COMMIT set_completion_param "friendica commit" "$FRIENDICA_COMMIT" - rm -rf $FRIENDICA_PATH - mv friendica $FRIENDICA_PATH + rm -rf "$FRIENDICA_PATH" + mv friendica "$FRIENDICA_PATH" - git_clone $FRIENDICA_ADDONS_REPO $FRIENDICA_PATH/addon - cd $FRIENDICA_PATH/addon - git checkout $FRIENDICA_ADDONS_COMMIT -b $FRIENDICA_ADDONS_COMMIT + git_clone "$FRIENDICA_ADDONS_REPO" "$FRIENDICA_PATH/addon" + cd "$FRIENDICA_PATH/addon" || exit 34835685 + git checkout "$FRIENDICA_ADDONS_COMMIT" -b "$FRIENDICA_ADDONS_COMMIT" set_completion_param "friendica addons commit" "$FRIENDICA_ADDONS_COMMIT" - chown -R www-data:www-data $FRIENDICA_PATH + chown -R www-data:www-data "$FRIENDICA_PATH" fi FRIENDICA_ONION_HOSTNAME= 
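Review bot: The two branches that populate `friendica` leave the shell in different directories: the `/repos/friendica` branch does `cd friendica || exit ...` while the `git_clone` branch stays in `$INSTALL_DIR`, yet both then run `git checkout $FRIENDICA_COMMIT -b $FRIENDICA_COMMIT` and `mv friendica "$FRIENDICA_PATH"`. Unless `git_clone` (defined elsewhere) changes directory itself, one of the branches applies the pinned commit in the wrong place or moves a path that does not exist, and neither `git_clone` nor `git checkout` is tested for failure before `rm -rf "$FRIENDICA_PATH"`. Dropping the `cd friendica` and running `git -C friendica checkout "$FRIENDICA_COMMIT" -b "$FRIENDICA_COMMIT" || exit 1` from `$INSTALL_DIR` in both cases would make this explicit, and it quotes the two expansions the commit missed. `install_friendica` starts and ends outside the hunk.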
@@ -400,158 +402,158 @@ function install_friendica { fi function_check add_ddns_domain - add_ddns_domain $FRIENDICA_DOMAIN_NAME + add_ddns_domain "$FRIENDICA_DOMAIN_NAME" - if [[ $ONION_ONLY == "no" ]]; then + if [[ "$ONION_ONLY" == "no" ]]; then function_check nginx_http_redirect - nginx_http_redirect $FRIENDICA_DOMAIN_NAME - echo 'server {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo " root $FRIENDICA_PATH;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo " server_name $FRIENDICA_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo " error_log /dev/null;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' charset utf-8;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME + nginx_http_redirect "$FRIENDICA_DOMAIN_NAME" + { echo 'server {'; + echo ' listen 443 ssl;'; + echo ' #listen [::]:443 ssl;'; + echo " root $FRIENDICA_PATH;"; + echo " server_name $FRIENDICA_DOMAIN_NAME;"; + echo " error_log /dev/null;"; + echo ' index index.php;'; + echo ' charset utf-8;'; + echo ' access_log /dev/null;'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME" function_check nginx_ssl - nginx_ssl $FRIENDICA_DOMAIN_NAME + nginx_ssl "$FRIENDICA_DOMAIN_NAME" function_check nginx_disable_sniffing - nginx_disable_sniffing $FRIENDICA_DOMAIN_NAME - echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' location / {' >> 
/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME + nginx_disable_sniffing "$FRIENDICA_DOMAIN_NAME" + { echo ' add_header Strict-Transport-Security max-age=15768000;'; + echo ''; + echo ' # rewrite to front controller as default rule'; + echo ' location / {'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME" function_check nginx_limits - nginx_limits $FRIENDICA_DOMAIN_NAME - echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' expires 30d;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' # block these file types' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> 
/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' # or a unix socket' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME + nginx_limits "$FRIENDICA_DOMAIN_NAME" + { echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;"; + echo ' }'; + echo ''; + echo ' # statically serve these file types when possible'; + echo ' # otherwise fall back to front controller'; + echo ' # allow browser to cache them'; + echo ' # added .htm for advanced source code editor library'; + echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {'; + echo ' expires 30d;'; + echo " try_files \$uri /index.php?q=\$uri&\$args;"; + echo ' }'; + echo ''; + echo ' # block these file types'; + echo ' location ~* \.(tpl|md|tgz|log|out)$ {'; + echo ' deny all;'; + echo ' }'; + echo ''; + echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000'; + echo ' # or a unix socket'; + echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME" function_check nginx_limits - nginx_limits $FRIENDICA_DOMAIN_NAME - echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo " # another machine. And then cross your fingers that you won't get hacked." 
>> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' # With php-fpm:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' location ~ /\. 
{' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo '}' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME + nginx_limits "$FRIENDICA_DOMAIN_NAME" + { echo ' # Zero-day exploit defense.'; + echo ' # http://forum.nginx.org/read.php?2,88845,page=3'; + echo " # Won't work properly (404 error) if the file is not stored on this"; + echo " # server, which is entirely possible with php-fpm/php-fcgi."; + echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on"; + echo " # another machine. And then cross your fingers that you won't get hacked."; + echo " try_files \$uri \$uri/ /index.php;"; + echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini'; + echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;'; + echo ' # With php-cgi alone:'; + echo ' # fastcgi_pass 127.0.0.1:9000;'; + echo ' # With php-fpm:'; + echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; + echo ' include fastcgi_params;'; + echo ' fastcgi_read_timeout 30;'; + echo ' fastcgi_index index.php;'; + echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;"; + echo ' fastcgi_read_timeout 300;'; + echo ' }'; + echo ''; + echo ' # deny access to all dot files'; + echo ' location ~ /\. 
{'; + echo ' deny all;'; + echo ' }'; + echo ''; + echo ' location ~ /\.ht {'; + echo ' deny all;'; + echo ' }'; + echo '}'; + echo ''; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME" else - echo 'server {' > /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo " listen 127.0.0.1:${FRIENDICA_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo " root $FRIENDICA_PATH;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo " server_name $FRIENDICA_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo " error_log /dev/null;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' charset utf-8;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' location / {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - nginx_limits $FRIENDICA_DOMAIN_NAME - nginx_disable_sniffing $FRIENDICA_DOMAIN_NAME - echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' # added .htm for advanced source code editor library' >> 
/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' expires 30d;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' # block these file types' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' # or a unix socket' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - nginx_limits $FRIENDICA_DOMAIN_NAME - nginx_disable_sniffing $FRIENDICA_DOMAIN_NAME - echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo " # another machine. And then cross your fingers that you won't get hacked." 
>> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' # With php-fpm:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' location ~ /\. 
{' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME - echo '}' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME + { echo 'server {'; + echo " listen 127.0.0.1:${FRIENDICA_ONION_PORT} default_server;"; + echo " root $FRIENDICA_PATH;"; + echo " server_name $FRIENDICA_ONION_HOSTNAME;"; + echo " error_log /dev/null;"; + echo ' index index.php;'; + echo ' charset utf-8;'; + echo ' access_log /dev/null;'; + echo ' add_header Strict-Transport-Security max-age=15768000;'; + echo ''; + echo ' # rewrite to front controller as default rule'; + echo ' location / {'; } > "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME" + nginx_limits "$FRIENDICA_DOMAIN_NAME" + nginx_disable_sniffing "$FRIENDICA_DOMAIN_NAME" + { echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;"; + echo ' }'; + echo ''; + echo ' # statically serve these file types when possible'; + echo ' # otherwise fall back to front controller'; + echo ' # allow browser to cache them'; + echo ' # added .htm for advanced source code editor library'; + echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {'; + echo ' expires 30d;'; + echo " try_files \$uri /index.php?q=\$uri&\$args;"; + echo ' }'; + echo ''; + echo ' # block these file types'; + echo ' location ~* \.(tpl|md|tgz|log|out)$ {'; + echo ' deny all;'; + echo ' }'; + echo ''; + echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000'; + echo ' # or a unix socket'; + echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME" + nginx_limits "$FRIENDICA_DOMAIN_NAME" + 
nginx_disable_sniffing "$FRIENDICA_DOMAIN_NAME" + { echo ' # Zero-day exploit defense.'; + echo ' # http://forum.nginx.org/read.php?2,88845,page=3'; + echo " # Won't work properly (404 error) if the file is not stored on this"; + echo " # server, which is entirely possible with php-fpm/php-fcgi."; + echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on"; + echo " # another machine. And then cross your fingers that you won't get hacked."; + echo " try_files \$uri \$uri/ /index.php;"; + echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini'; + echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;'; + echo ' # With php-cgi alone:'; + echo ' # fastcgi_pass 127.0.0.1:9000;'; + echo ' # With php-fpm:'; + echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; + echo ' include fastcgi_params;'; + echo ' fastcgi_read_timeout 30;'; + echo ' fastcgi_index index.php;'; + echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;"; + echo ' fastcgi_read_timeout 300;'; + echo ' }'; + echo ''; + echo ' # deny access to all dot files'; + echo ' location ~ /\. {'; + echo ' deny all;'; + echo ' }'; + echo ''; + echo ' location ~ /\.ht {'; + echo ' deny all;'; + echo ' }'; + echo '}'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME" fi function_check configure_php configure_php function_check create_site_certificate - create_site_certificate $FRIENDICA_DOMAIN_NAME 'yes' + create_site_certificate "$FRIENDICA_DOMAIN_NAME" 'yes' - if [ ! -d $FRIENDICA_PATH/view/tpl/smarty3 ]; then - mkdir $FRIENDICA_PATH/view/tpl/smarty3 + if [ ! -d "$FRIENDICA_PATH/view/tpl/smarty3" ]; then + mkdir "$FRIENDICA_PATH/view/tpl/smarty3" fi if [ ! -d "$FRIENDICA_PATH/store" ]; then mkdir "$FRIENDICA_PATH/store" 
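Review bot: Both regrouped `location ~* \.php$` blocks (the clearnet branch and the onion branch) still emit `fastcgi_read_timeout 30;` and then `fastcgi_read_timeout 300;` in the same block. nginx normally rejects a repeated single-value directive as a duplicate, so the generated site file may fail its configuration test, and in any case only one of the two values can be the intended one. Dropping the line `echo ' fastcgi_read_timeout 30;';` from both groups (or the 300 one, if 30 seconds is what is wanted) resolves it. The hunk starts and ends inside install_friendica.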
@@ -563,9 +565,9 @@ function install_friendica { mkdir "$FRIENDICA_PATH/store/[data]/smarty3" chmod 1777 "$FRIENDICA_PATH/store/[data]/smarty3" fi - chmod 1777 $FRIENDICA_PATH/view/tpl + chmod 1777 "$FRIENDICA_PATH/view/tpl" chown -R www-data:www-data "$FRIENDICA_PATH/store" - chmod 1777 $FRIENDICA_PATH/view/tpl/smarty3 + chmod 1777 "$FRIENDICA_PATH/view/tpl/smarty3" # Ensure that the database gets backed up locally, if remote # backups are not being used 
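Review bot: The two `chmod 1777` lines leave `view/tpl` and `view/tpl/smarty3` writable by every local account, inside the document root that nginx serves. The lines that follow hand the tree to www-data, so if only the PHP process writes compiled templates there (to be confirmed), owner and group access is enough: `chmod 770 "$FRIENDICA_PATH/view/tpl"` and `chmod 770 "$FRIENDICA_PATH/view/tpl/smarty3"`. The same applies to the `store/[data]/smarty3` directory in the context lines. The enclosing install_friendica starts and ends outside this hunk.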
@@ -575,55 +577,55 @@ function install_friendica { function_check backup_database_local backup_database_local friendica - chown -R www-data:www-data $FRIENDICA_PATH + chown -R www-data:www-data "$FRIENDICA_PATH" function_check nginx_ensite - nginx_ensite $FRIENDICA_DOMAIN_NAME + nginx_ensite "$FRIENDICA_DOMAIN_NAME" # initialize the database - if [ ! -f $FRIENDICA_PATH/database.sql ]; then + if [ ! -f "$FRIENDICA_PATH/database.sql" ]; then echo $'No database schema found for friendica' exit 252782 fi function_check initialise_database - initialise_database friendica $FRIENDICA_PATH/database.sql + initialise_database friendica "$FRIENDICA_PATH/database.sql" # create the config file - echo ' $FRIENDICA_PATH/.htconfig.php - echo "\$db_host = 'localhost';" >> $FRIENDICA_PATH/.htconfig.php - echo "\$db_user = 'root';" >> $FRIENDICA_PATH/.htconfig.php - echo "\$db_pass = '${MARIADB_PASSWORD}';" >> $FRIENDICA_PATH/.htconfig.php - echo "\$db_data = 'friendica';" >> $FRIENDICA_PATH/.htconfig.php - echo "\$default_timezone = 'Europe/London';" >> $FRIENDICA_PATH/.htconfig.php + { echo ' "$FRIENDICA_PATH/.htconfig.php" if [[ $ONION_ONLY == 'no' ]]; then - echo "\$a->config['system']['baseurl'] = 'https://${FRIENDICA_DOMAIN_NAME}';" >> $FRIENDICA_PATH/.htconfig.php + echo "\$a->config['system']['baseurl'] = 'https://${FRIENDICA_DOMAIN_NAME}';" >> "$FRIENDICA_PATH/.htconfig.php" else - echo "\$a->config['system']['baseurl'] = 'http://${FRIENDICA_ONION_HOSTNAME}';" >> $FRIENDICA_PATH/.htconfig.php + echo "\$a->config['system']['baseurl'] = 'http://${FRIENDICA_ONION_HOSTNAME}';" >> "$FRIENDICA_PATH/.htconfig.php" fi - echo "\$a->config['sitename'] = \"Friendica\";" >> $FRIENDICA_PATH/.htconfig.php - echo "\$a->config['register_policy'] = REGISTER_OPEN;" >> $FRIENDICA_PATH/.htconfig.php - echo "\$a->config['register_text'] = '';" >> $FRIENDICA_PATH/.htconfig.php - echo "\$a->config['admin_email'] = '${MY_EMAIL_ADDRESS}';" >> $FRIENDICA_PATH/.htconfig.php - echo 
"\$a->config['system']['no_regfullname'] = true;" >> $FRIENDICA_PATH/.htconfig.php - echo "\$a->config['max_import_size'] = 200000;" >> $FRIENDICA_PATH/.htconfig.php - echo "\$a->config['system']['maximagesize'] = 800000;" >> $FRIENDICA_PATH/.htconfig.php - echo "\$a->config['php_path'] = '/usr/bin/php';" >> $FRIENDICA_PATH/.htconfig.php - echo "\$a->config['system']['directory'] = 'http://dir.friendi.ca';" >> $FRIENDICA_PATH/.htconfig.php - echo "\$a->config['system']['allowed_themes'] = 'quattro,vier,duepuntozero,smoothly';" >> $FRIENDICA_PATH/.htconfig.php - echo "\$a->config['system']['theme'] = 'vier';" >> $FRIENDICA_PATH/.htconfig.php - echo "\$a->config['system']['huburl'] = '[internal]';" >> $FRIENDICA_PATH/.htconfig.php - echo "\$a->config['system']['language'] = 'en';" >> $FRIENDICA_PATH/.htconfig.php - echo "\$a->config['system']['rino_encrypt'] = 2;" >> $FRIENDICA_PATH/.htconfig.php - echo "\$a->config['system']['allowed_link_protocols'] = array('mailto', 'cid');" >> $FRIENDICA_PATH/.htconfig.php - chown www-data:www-data $FRIENDICA_PATH/.htconfig.php - chmod 755 $FRIENDICA_PATH/.htconfig.php + { echo "\$a->config['sitename'] = \"Friendica\";"; + echo "\$a->config['register_policy'] = REGISTER_OPEN;"; + echo "\$a->config['register_text'] = '';"; + echo "\$a->config['admin_email'] = '${MY_EMAIL_ADDRESS}';"; + echo "\$a->config['system']['no_regfullname'] = true;"; + echo "\$a->config['max_import_size'] = 200000;"; + echo "\$a->config['system']['maximagesize'] = 800000;"; + echo "\$a->config['php_path'] = '/usr/bin/php';"; + echo "\$a->config['system']['directory'] = 'http://dir.friendi.ca';"; + echo "\$a->config['system']['allowed_themes'] = 'quattro,vier,duepuntozero,smoothly';"; + echo "\$a->config['system']['theme'] = 'vier';"; + echo "\$a->config['system']['huburl'] = '[internal]';"; + echo "\$a->config['system']['language'] = 'en';"; + echo "\$a->config['system']['rino_encrypt'] = 2;"; + echo "\$a->config['system']['allowed_link_protocols'] = 
array('mailto', 'cid');"; } >> "$FRIENDICA_PATH/.htconfig.php" + chown www-data:www-data "$FRIENDICA_PATH/.htconfig.php" + chmod 755 "$FRIENDICA_PATH/.htconfig.php" systemctl restart mariadb systemctl restart php7.0-fpm systemctl restart nginx systemctl restart cron - ${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$FRIENDICA_DOMAIN_NAME" -g friendica --public no + "${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "noreply@$FRIENDICA_DOMAIN_NAME" -g friendica --public no set_completion_param "friendica domain" "${FRIENDICA_DOMAIN_NAME}" APP_INSTALLED=1 diff --git a/src/freedombone-app-ghost b/src/freedombone-app-ghost index fa5fb464..e5008d93 100755 --- a/src/freedombone-app-ghost +++ b/src/freedombone-app-ghost @@ -48,14 +48,14 @@ ghost_variables=(GHOST_DOMAIN_NAME function ghost_bust { # kill the started ghost process - kill_pid=$(ps aux | grep "ghost run" | awk -F ' ' '{print $2}' | head -n 1) - kill -9 $kill_pid + kill_pid=$(pgrep "ghost run" | head -n 1) + kill -9 "$kill_pid" - kill_pid=$(ps aux | grep "ghost" | awk -F ' ' '{print $2}' | head -n 1) - kill -9 $kill_pid + kill_pid=$(pgrep "ghost" | head -n 1) + kill -9 "$kill_pid" - kill_pid=$(ps aux | grep "ghost" | awk -F ' ' '{print $2}' | head -n 1) - kill -9 $kill_pid + kill_pid=$(pgrep "ghost" | head -n 1) + kill -9 "$kill_pid" } function logging_on_ghost { 
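Review bot: `chmod 755 "$FRIENDICA_PATH/.htconfig.php"` near the end of this hunk leaves the generated config readable by every local account. The removed lines show that the file receives `$db_user = 'root'` and `$db_pass = '${MARIADB_PASSWORD}'`. The line before it already gives the file to www-data, so `chmod 640 "$FRIENDICA_PATH/.htconfig.php"` keeps the database root credential with the web server user, and the execute bits serve no purpose on a PHP include. The password is also written inside a single-quoted PHP string, so a value containing `'` would produce a broken config file. install_friendica begins before this hunk.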
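Review bot: `pgrep "ghost run"` in ghost_bust matches the process name only, so a pattern that includes the argument `run` will normally find nothing, whereas the replaced `ps aux | grep` looked at the whole command line. Matching the command line needs `-f`: `kill_pid=$(pgrep -f "ghost run" | head -n 1)`. When nothing matches, `kill -9 "$kill_pid"` now receives an empty argument and fails, so guard it with `[ -n "$kill_pid" ] && kill -9 "$kill_pid"`. The two `pgrep "ghost"` calls have the same limitation if the service runs under a different process name, which is not visible here.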
@@ -77,9 +77,9 @@ function ghost_replace_jquery { sed -i "s|http://code.jquery.com/jquery.js|$curr_domain/jquery-${jquery_version}.js|g" current/node_modules/jsdom/README.md sed -i "s|https://code.jquery.com/jquery.js|$curr_domain/jquery-${jquery_version}.js|g" current/node_modules/jsdom/README.md - cd /var/www/${GHOST_DOMAIN_NAME}/htdocs/current - find ./ -type f -exec sed -i -e 's|https://code.jquery.com|$curr_domain|g' {} \; - find ./ -type f -exec sed -i -e 's|http://code.jquery.com|$curr_domain|g' {} \; + cd "/var/www/${GHOST_DOMAIN_NAME}/htdocs/current" || exit 3468368 + find ./ -type f -exec sed -i -e "s|https://code.jquery.com|$curr_domain|g" {} \; + find ./ -type f -exec sed -i -e "s|http://code.jquery.com|$curr_domain|g" {} \; } function ghost_rss_button { @@ -98,14 +98,14 @@ function ghost_remove_offsite_links { ghost_rss_button # remove google font links - cd /var/www/$GHOST_DOMAIN_NAME/htdocs/current - find ./ -type f -exec sed -i -e 's/fonts.googleapis.com/$curr_domain/g' {} \; + cd "/var/www/$GHOST_DOMAIN_NAME/htdocs/current" || exit 246872424 + find ./ -type f -exec sed -i -e "s/fonts.googleapis.com/$curr_domain/g" {} \; # copy jquery locally previous_jquery_version='1.12.0' jquery_version='1.12.4' if [ ! -f /var/www/$GHOST_DOMAIN_NAME/htdocs/jquery-${jquery_version}.js ]; then - cd /var/www/$GHOST_DOMAIN_NAME/htdocs + cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 3468746824 wget https://code.jquery.com/jquery-${jquery_version}.js jquery_hash=$(sha256sum jquery-${jquery_version}.js | awk -F ' ' '{print $1}') if [[ "$jquery_hash" != '430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575' ]]; then 
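Review bot: `$curr_domain` is placed unescaped into the sed replacement in both `find … -exec sed` lines of ghost_replace_jquery and in the `fonts.googleapis.com` line of ghost_remove_offsite_links (the next hunk), so any `/`, `|`, `&` or backslash in it changes the expression. The second case is the fragile one: `"s/fonts.googleapis.com/$curr_domain/g"` uses `/` as the delimiter, and a value carrying a scheme or path would make sed fail on every file that find visits. Using the same delimiter as the other calls, `"s|fonts.googleapis.com|$curr_domain|g"`, avoids that. `curr_domain` is assigned outside both hunks, so its exact form should be confirmed. Both functions start or end outside the lines shown.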
@@ -119,27 +119,27 @@ function ghost_remove_offsite_links { } function ghost_replace_proprietary_services { - replace_file=$1 + replace_file="$1" - sed -i 's|Twitter Profile|GNU Social Profile|g' $replace_file - sed -i 's|Twitter profile|GNU Social Profile|g' $replace_file - sed -i 's|Twitter Username|GNU Social Username|g' $replace_file - sed -i 's|twitter.com|quitter.se|g' $replace_file - sed -i 's|Facebook Page|Hubzilla Channel|g' $replace_file - sed -i 's|Facebook Profile|Hubzilla Channel|g' $replace_file - sed -i 's|Facebook profile|Hubzilla Channel|g' $replace_file - sed -i 's|www.facebook.com/username|hubzilladomain/username|g' $replace_file - sed -i 's|www.facebook.com/ghost|hubzilladomain/username|g' $replace_file - sed -i 's|www.facebook.com/testuser|hubzilladomain/username|g' $replace_file - sed -i 's|www.facebook.com/testing|hubzilladomain/username|g' $replace_file - sed -i 's|www.facebook.com/test|hubzilladomain/username|g' $replace_file - sed -i 's|www.facebook.com/yourUsername|hubzilladomain/username|g' $replace_file - sed -i 's|www.facebook.com/yourPage|hubzilladomain/username|g' $replace_file - sed -i 's|Facebook Username|Hubzilla Channel|g' $replace_file - sed -i 's|www.facebook.com|hubzilladomain|g' $replace_file - sed -i 's|facebook value|hubzilla value|g' $replace_file + sed -i 's|Twitter Profile|GNU Social Profile|g' "$replace_file" + sed -i 's|Twitter profile|GNU Social Profile|g' "$replace_file" + sed -i 's|Twitter Username|GNU Social Username|g' "$replace_file" + sed -i 's|twitter.com|quitter.se|g' "$replace_file" + sed -i 's|Facebook Page|Hubzilla Channel|g' "$replace_file" + sed -i 's|Facebook Profile|Hubzilla Channel|g' "$replace_file" + sed -i 's|Facebook profile|Hubzilla Channel|g' "$replace_file" + sed -i 's|www.facebook.com/username|hubzilladomain/username|g' "$replace_file" + sed -i 's|www.facebook.com/ghost|hubzilladomain/username|g' "$replace_file" + sed -i 's|www.facebook.com/testuser|hubzilladomain/username|g' "$replace_file" + 
sed -i 's|www.facebook.com/testing|hubzilladomain/username|g' "$replace_file" + sed -i 's|www.facebook.com/test|hubzilladomain/username|g' "$replace_file" + sed -i 's|www.facebook.com/yourUsername|hubzilladomain/username|g' "$replace_file" + sed -i 's|www.facebook.com/yourPage|hubzilladomain/username|g' "$replace_file" + sed -i 's|Facebook Username|Hubzilla Channel|g' "$replace_file" + sed -i 's|www.facebook.com|hubzilladomain|g' "$replace_file" + sed -i 's|facebook value|hubzilla value|g' "$replace_file" - sed -i '/