From 7888f7ae6313f08465d3c1425a2eaf0af24cafd4 Mon Sep 17 00:00:00 2001 From: Bob Mottram <bob@freedombone.net> Date: Thu, 1 Mar 2018 11:45:51 +0000 Subject: [PATCH] Tidying --- src/freedombone-app-syncthing | 186 ++++++++------- src/freedombone-app-tahoelafs | 319 ++++++++++++------------- src/freedombone-app-tox | 398 ++++++++++++++++--------------- src/freedombone-app-turtl | 154 ++++++------ src/freedombone-app-vim | 122 +++++----- src/freedombone-app-vpn | 428 +++++++++++++++++----------------- 6 files changed, 818 insertions(+), 789 deletions(-) diff --git a/src/freedombone-app-syncthing b/src/freedombone-app-syncthing index 1cebff14c..7d46f794b 100755 --- a/src/freedombone-app-syncthing +++ b/src/freedombone-app-syncthing @@ -66,12 +66,12 @@ function syncthing_create_ids_file { SYNCTHING_ID=$(cat ~/.syncthing-server-id) if [ ! -f $SYNCTHING_CONFIG_FILE ]; then - echo $'# Your syncthing configuration file' > $SYNCTHING_CONFIG_FILE - echo '#' >> $SYNCTHING_CONFIG_FILE - echo $"# The ${PROJECT_NAME} syncthing ID is: $SYNCTHING_ID" >> $SYNCTHING_CONFIG_FILE - echo '#' >> $SYNCTHING_CONFIG_FILE - echo '# Paste the IDs of your devices below' >> $SYNCTHING_CONFIG_FILE - echo '#' >> $SYNCTHING_CONFIG_FILE + { echo $'# Your syncthing configuration file'; + echo '#'; + echo $"# The ${PROJECT_NAME} syncthing ID is: $SYNCTHING_ID"; + echo '#'; + echo '# Paste the IDs of your devices below'; + echo '#'; } > $SYNCTHING_CONFIG_FILE fi } 
@@ -94,12 +94,13 @@ function syncthing_show_id { SYNCTHING_ID=$(cat ~/.syncthing-server-id) dialog --title $"Device ID for ${PROJECT_NAME}" \ --backtitle $"Freedombone User Control Panel" \ - --msgbox $"In a desktop terminal press shift and select the ID below,\nthen right click and copy.\n\nWithin Connectbot select Menu/Copy and then highlight the ID below\n\n$SYNCTHING_ID\n\nAlternatively press Enter to display a QR code which can be scanned." 13 78 + --msgbox $"In a desktop terminal press shift and select the ID below,\\nthen right click and copy.\\n\\nWithin Connectbot select Menu/Copy and then highlight the ID below\\n\\n$SYNCTHING_ID\\n\\nAlternatively press Enter to display a QR code which can be scanned." 13 78 clear echo $'Your Syncthing ID code' echo '' echo -n "$SYNCTHING_ID" | qrencode -t UTF8 echo '' + # shellcheck disable=SC2034 read -n1 -rsp $"Press any key to continue..." key } @@ -110,21 +111,24 @@ function syncthing_add_id { syncthing_create_ids_file - data=$(tempfile 2>/dev/null) + data=$(mktemp 2>/dev/null) trap "rm -f $data" 0 1 2 5 15 dialog --backtitle $"Freedombone User Control Panel" \ --title $"Add a Syncthing device ID" \ --form $"Paste the device ID for your laptop/desktop/netbook/phone/tablet below" 9 80 2 \ $"Device ID:" 1 1 "" 1 26 80 80 \ $"Description (optional):" 2 1 "" 2 26 80 80 \ - 2> $data + 2> "$data" sel=$? case $sel in - 1) return;; - 255) return;; + 1) rm -f "$data" + return;; + 255) rm -f "$data" + return;; esac - SYNCTHING_DEVICE_ID=$(cat $data | sed -n 1p) - SYNCTHING_DESCRIPTION=$(cat $data | sed -n 2p) + SYNCTHING_DEVICE_ID=$(sed -n 1p < "$data") + SYNCTHING_DESCRIPTION=$(sed -n 2p < "$data") + rm -f "$data" if [ ${#SYNCTHING_DEVICE_ID} -lt 10 ]; then return 
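Review bot: The switch to `mktemp` in syncthing_add_id still hides failure behind `2>/dev/null` and never checks the result, so an empty `$data` would reach the `2> "$data"` redirect; `data=$(mktemp) || return 1` stops there and keeps the error visible. The retained `trap "rm -f $data" 0 1 2 5 15` expands `$data` unquoted at the moment the trap is set and replaces any EXIT trap the calling script already had; `trap 'rm -f -- "$data"' EXIT` defers the expansion and quotes the path. The same unchecked `mktemp` recurs in syncthing_remove_id, run_client_syncthing and the tahoelafs dialog functions. The function body continues past the end of this hunk.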
@@ -164,19 +168,21 @@ function syncthing_remove_id { syncthing_create_ids_file - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --backtitle $"Freedombone User Control Panel" \ --title $"Remove a Syncthing device ID" \ --form $"Paste the device ID which is to be removed below" 8 80 1 \ $"Device ID:" 1 1 "" 1 14 80 80 \ - 2> $data + 2> "$data" sel=$? case $sel in - 1) return;; - 255) return;; + 1) rm -f "$data" + return;; + 255) rm -f "$data" + return;; esac - SYNCTHING_DEVICE_ID=$(cat $data | sed -n 1p) + SYNCTHING_DEVICE_ID=$(sed -n 1p < "$data") + rm -f "$data" if [ ${#SYNCTHING_DEVICE_ID} -lt 10 ]; then return @@ -212,8 +218,7 @@ function run_client_syncthing { while true do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --backtitle $"Freedombone User Control Panel" \ --title $"File Synchronization" \ --radiolist $"Choose an operation:" 12 70 6 \ @@ -221,19 +226,23 @@ function run_client_syncthing { 2 $"Add an ID for another machine or device" off \ 3 $"Remove an ID for another machine or device" off \ 4 $"Manually edit device IDs" off \ - 5 $"Back to main menu" on 2> $data + 5 $"Back to main menu" on 2> "$data" sel=$? case $sel in - 1) break;; - 255) break;; + 1) rm -f "$data" + break;; + 255) rm -f "$data" + break;; esac - case $(cat $data) in + case $(cat "$data") in 1) syncthing_show_id;; 2) syncthing_add_id;; 3) syncthing_remove_id;; 4) syncthing_manual_edit;; - 5) break;; + 5) rm -f "$data" + break;; esac + rm -f "$data" done } 
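Review bot: `data` looks like a global in run_client_syncthing (no `local` is visible in any of these hunks), and syncthing_add_id and syncthing_remove_id, which are called from the `case $(cat "$data")` arms, assign `data` themselves. If that holds, the trailing `rm -f "$data"` removes the callee's already-deleted file and the menu's own temp file is left behind on each loop iteration. Declaring `local data` at the top of each function would fix it. configure_interactive_tahoelafs has the same shape with add_tahoelafs_storage_node_interactive and edit_tahoelafs_shares. With the traps removed in this commit, an interrupt while dialog is open also leaves the file in place.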
@@ -260,21 +269,21 @@ function backup_local_syncthing { for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - if [ -d /home/$USERNAME/Sync ]; then + if [ -d "/home/$USERNAME/Sync" ]; then echo $"Backing up syncthing files for $USERNAME" - backup_directory_to_usb /home/$USERNAME/Sync syncthing/$USERNAME + backup_directory_to_usb "/home/$USERNAME/Sync" "syncthing/$USERNAME" # ensure that device IDs will be backed up as part of user config settings - if [ ! -d /home/$USERNAME/.config/syncthing ]; then - mkdir -p /home/$USERNAME/.config/syncthing - chown -R $USERNAME:$USERNAME /home/$USERNAME/.config + if [ ! -d "/home/$USERNAME/.config/syncthing" ]; then + mkdir -p "/home/$USERNAME/.config/syncthing" + chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config" fi - if [ -f /home/$USERNAME/.syncthing-server-id ]; then - cp /home/$USERNAME/.syncthing-server-id /home/$USERNAME/.config/syncthing - chown -R $USERNAME:$USERNAME /home/$USERNAME/.config + if [ -f "/home/$USERNAME/.syncthing-server-id" ]; then + cp "/home/$USERNAME/.syncthing-server-id" "/home/$USERNAME/.config/syncthing" + chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config" fi - if [ -f /home/$USERNAME/.syncthingids ]; then - cp /home/$USERNAME/.syncthingids /home/$USERNAME/.config/syncthing - chown -R $USERNAME:$USERNAME /home/$USERNAME/.config + if [ -f "/home/$USERNAME/.syncthingids" ]; then + cp "/home/$USERNAME/.syncthingids" "/home/$USERNAME/.config/syncthing" + chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config" fi fi fi @@ -288,7 +297,7 @@ function restore_local_syncthing { fi temp_restore_dir=/root/tempsyncthing - if [ -d $USB_MOUNT/backup/syncthingconfig ]; then + if [ -d "$USB_MOUNT/backup/syncthingconfig" ]; then echo $"Restoring syncthing configuration" function_check restore_directory_from_usb restore_directory_from_usb ${temp_restore_dir}config syncthingconfig 
@@ -297,9 +306,7 @@ function restore_local_syncthing { if [ ! -d $SYNCTHING_CONFIG_PATH ]; then mkdir -p $SYNCTHING_CONFIG_PATH fi - cp -r ${temp_restore_dir}config/* $SYNCTHING_CONFIG_PATH/ - - if [ ! "$?" = "0" ]; then + if ! cp -r ${temp_restore_dir}config/* $SYNCTHING_CONFIG_PATH/; then set_user_permissions backup_unmount_drive systemctl start syncthing @@ -309,7 +316,7 @@ function restore_local_syncthing { rm -rf ${temp_restore_dir}config fi - if [ -d $USB_MOUNT/backup/syncthingshared ]; then + if [ -d "$USB_MOUNT/backup/syncthingshared" ]; then echo $"Restoring syncthing shared files" restore_directory_from_usb ${temp_restore_dir}shared syncthingshared #cp -r ${temp_restore_dir}shared/* / 
@@ -321,28 +328,29 @@ function restore_local_syncthing { rm -rf ${temp_restore_dir}shared fi - if [ -d $USB_MOUNT/backup/syncthing ]; then + if [ -d "$USB_MOUNT/backup/syncthing" ]; then for d in $USB_MOUNT/backup/syncthing/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - if [ ! -d /home/$USERNAME ]; then - ${PROJECT_NAME}-adduser $USERNAME + if [ ! -d "/home/$USERNAME" ]; then + "${PROJECT_NAME}-adduser" "$USERNAME" fi echo $"Restoring syncthing files for $USERNAME" - restore_directory_from_usb ${temp_restore_dir} syncthing/$USERNAME - if [ -d ${temp_restore_dir}/home/$USERNAME/Sync ]; then - cp -r ${temp_restore_dir}/home/$USERNAME/Sync /home/$USERNAME/ + restore_directory_from_usb "${temp_restore_dir}" "syncthing/$USERNAME" + if [ -d "${temp_restore_dir}/home/$USERNAME/Sync" ]; then + cp -r "${temp_restore_dir}/home/$USERNAME/Sync" "/home/$USERNAME/" else - if [ ! -d /home/$USERNAME/Sync ]; then - mkdir /home/$USERNAME/Sync + if [ ! -d "/home/$USERNAME/Sync" ]; then + mkdir "/home/$USERNAME/Sync" fi if [ -d /root/Sync ]; then - cp -r /root/Sync/* /home/$USERNAME/Sync/ + cp -r /root/Sync/* "/home/$USERNAME/Sync/" rm -rf /root/Sync else - cp -r ${temp_restore_dir}/* /home/$USERNAME/Sync/ + cp -r "${temp_restore_dir}/*" "/home/$USERNAME/Sync/" fi fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then rm -rf ${temp_restore_dir} set_user_permissions 
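Review bot: Quoting the glob in `cp -r "${temp_restore_dir}/*" "/home/$USERNAME/Sync/"` stops the shell from expanding it, so cp looks for a file literally named `*` and this fallback branch fails where it used to copy the restored files. Keep the `/*` outside the quotes: `cp -r "${temp_restore_dir}"/* "/home/$USERNAME/Sync/"`. The same line was changed the same way in restore_remote_syncthing (the `@@ -446,30 +453,31 @@` hunk). Separately, the `$?` test kept under `# shellcheck disable=SC2181` sees only the last command of whichever branch ran, which in the `/root/Sync` branch is `rm -rf /root/Sync` rather than the `cp`. The function starts and ends outside this hunk.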
@@ -354,13 +362,13 @@ function restore_local_syncthing { rm -rf ${temp_restore_dir} # restore device IDs from config settings - if [ -f /home/$USERNAME/.config/syncthing/.syncthing-server-id ]; then - cp /home/$USERNAME/.config/syncthing/.syncthing-server-id /home/$USERNAME/.syncthing-server-id - chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id + if [ -f "/home/$USERNAME/.config/syncthing/.syncthing-server-id" ]; then + cp "/home/$USERNAME/.config/syncthing/.syncthing-server-id" "/home/$USERNAME/.syncthing-server-id" + chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.syncthing-server-id" fi - if [ -f /home/$USERNAME/.config/syncthing/.syncthingids ]; then - cp /home/$USERNAME/.config/syncthing/.syncthingids /home/$USERNAME/.syncthingids - chown $USERNAME:$USERNAME /home/$USERNAME/.syncthingids + if [ -f "/home/$USERNAME/.config/syncthing/.syncthingids" ]; then + cp "/home/$USERNAME/.config/syncthing/.syncthingids" "/home/$USERNAME/.syncthingids" + chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.syncthingids" fi fi done 
@@ -389,21 +397,21 @@ function backup_remote_syncthing { for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - if [ -d /home/$USERNAME/Sync ]; then + if [ -d "/home/$USERNAME/Sync" ]; then echo $"Backing up syncthing files for $USERNAME" - backup_directory_to_friend /home/$USERNAME/Sync syncthing/$USERNAME + backup_directory_to_friend "/home/$USERNAME/Sync" "syncthing/$USERNAME" # ensure that device IDs will be backed up as part of user config settings - if [ ! -d /home/$USERNAME/.config/syncthing ]; then - mkdir -p /home/$USERNAME/.config/syncthing - chown -R $USERNAME:$USERNAME /home/$USERNAME/.config + if [ ! -d "/home/$USERNAME/.config/syncthing" ]; then + mkdir -p "/home/$USERNAME/.config/syncthing" + chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config" fi - if [ -f /home/$USERNAME/.syncthing-server-id ]; then - cp /home/$USERNAME/.syncthing-server-id /home/$USERNAME/.config/syncthing - chown -R $USERNAME:$USERNAME /home/$USERNAME/.config + if [ -f "/home/$USERNAME/.syncthing-server-id" ]; then + cp "/home/$USERNAME/.syncthing-server-id" "/home/$USERNAME/.config/syncthing" + chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config" fi - if [ -f /home/$USERNAME/.syncthingids ]; then - cp /home/$USERNAME/.syncthingids /home/$USERNAME/.config/syncthing - chown -R $USERNAME:$USERNAME /home/$USERNAME/.config + if [ -f "/home/$USERNAME/.syncthingids" ]; then + cp "/home/$USERNAME/.syncthingids" "/home/$USERNAME/.config/syncthing" + chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config" fi fi fi @@ -416,7 +424,7 @@ function restore_remote_syncthing { systemctl stop cron fi - if [ -d $SERVER_DIRECTORY/backup/syncthingconfig ]; then + if [ -d "$SERVER_DIRECTORY/backup/syncthingconfig" ]; then echo $"Restoring syncthing configuration" temp_restore_dir=/root/tempsyncthingconfig function_check restore_directory_from_friend 
@@ -425,8 +433,7 @@ function restore_remote_syncthing { if [ ! -d $SYNCTHING_CONFIG_PATH ]; then mkdir -p $SYNCTHING_CONFIG_PATH fi - cp -r ${temp_restore_dir}/* $SYNCTHING_CONFIG_PATH/ - if [ ! "$?" = "0" ]; then + if ! cp -r ${temp_restore_dir}/* $SYNCTHING_CONFIG_PATH/; then systemctl start syncthing systemctl start cron exit 6833 @@ -434,7 +441,7 @@ function restore_remote_syncthing { rm -rf $temp_restore_dir fi - if [ -d $SERVER_DIRECTORY/backup/syncthingshared ]; then + if [ -d "$SERVER_DIRECTORY/backup/syncthingshared" ]; then echo $"Restoring syncthing shared files" temp_restore_dir=/root/tempsyncthingshared function_check restore_directory_from_friend 
@@ -446,30 +453,31 @@ function restore_remote_syncthing { rm -rf ${temp_restore_dir} fi - if [ -d $SERVER_DIRECTORY/backup/syncthing ]; then + if [ -d "$SERVER_DIRECTORY/backup/syncthing" ]; then for d in $SERVER_DIRECTORY/backup/syncthing/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - if [ ! -d /home/$USERNAME ]; then - ${PROJECT_NAME}-adduser $USERNAME + if [ ! -d "/home/$USERNAME" ]; then + "${PROJECT_NAME}-adduser" "$USERNAME" fi echo $"Restoring syncthing files for $USERNAME" temp_restore_dir=/root/tempsyncthing function_check restore_directory_from_friend - restore_directory_from_friend $temp_restore_dir syncthing/$USERNAME - if [ -d $temp_restore_dir/home/$USERNAME/Sync ]; then - cp -r $temp_restore_dir/home/$USERNAME/Sync /home/$USERNAME/ + restore_directory_from_friend "$temp_restore_dir" "syncthing/$USERNAME" + if [ -d "$temp_restore_dir/home/$USERNAME/Sync" ]; then + cp -r "$temp_restore_dir/home/$USERNAME/Sync" "/home/$USERNAME/" else - if [ ! -d /home/$USERNAME/Sync ]; then - mkdir /home/$USERNAME/Sync + if [ ! -d "/home/$USERNAME/Sync" ]; then + mkdir "/home/$USERNAME/Sync" fi if [ -d /root/Sync ]; then - cp -r /root/Sync/* /home/$USERNAME/Sync/ + cp -r /root/Sync/* "/home/$USERNAME/Sync/" rm -rf /root/Sync else - cp -r ${temp_restore_dir}/* /home/$USERNAME/Sync/ + cp -r "${temp_restore_dir}/*" "/home/$USERNAME/Sync/" fi fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then rm -rf $temp_restore_dir systemctl start syncthing 
@@ -479,13 +487,13 @@ function restore_remote_syncthing { rm -rf $temp_restore_dir # restore device IDs from config settings - if [ -f /home/$USERNAME/.config/syncthing/.syncthing-server-id ]; then - cp /home/$USERNAME/.config/syncthing/.syncthing-server-id /home/$USERNAME/.syncthing-server-id - chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id + if [ -f "/home/$USERNAME/.config/syncthing/.syncthing-server-id" ]; then + cp "/home/$USERNAME/.config/syncthing/.syncthing-server-id" "/home/$USERNAME/.syncthing-server-id" + chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.syncthing-server-id" fi - if [ -f /home/$USERNAME/.config/syncthing/.syncthingids ]; then - cp /home/$USERNAME/.config/syncthing/.syncthingids /home/$USERNAME/.syncthingids - chown $USERNAME:$USERNAME /home/$USERNAME/.syncthingids + if [ -f "/home/$USERNAME/.config/syncthing/.syncthingids" ]; then + cp "/home/$USERNAME/.config/syncthing/.syncthingids" "/home/$USERNAME/.syncthingids" + chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.syncthingids" fi echo $"Restore of syncthing files for $USERNAME complete" fi diff --git a/src/freedombone-app-tahoelafs b/src/freedombone-app-tahoelafs index b8b795d56..f6fcbc9b0 100755 --- a/src/freedombone-app-tahoelafs +++ b/src/freedombone-app-tahoelafs 
@@ -72,52 +72,52 @@ function add_user_tahoelafs { new_username="$1" new_user_password="$2" - ${PROJECT_NAME}-pass -u $new_username -a tahoelafs -p "$new_user_password" + "${PROJECT_NAME}-pass" -u "$new_username" -a tahoelafs -p "$new_user_password" if grep -q "${new_username}:" /etc/nginx/.htpasswd-tahoelafs; then - sed -i '/${new_username}:/d' /etc/nginx/.htpasswd-tahoelafs + sed -i "'/${new_username}:/d" /etc/nginx/.htpasswd-tahoelafs fi - echo "${new_user_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${new_username} + echo "${new_user_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs "${new_username}" echo '0' } function remove_user_tahoelafs { remove_username="$1" - ${PROJECT_NAME}-pass -u $remove_username --rmapp tahoelafs + "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp tahoelafs if grep -q "${remove_username}:" /etc/nginx/.htpasswd-tahoelafs; then - sed -i '/${remove_username}:/d' /etc/nginx/.htpasswd-tahoelafs + sed -i "/${remove_username}:/d" /etc/nginx/.htpasswd-tahoelafs fi } function change_password_tahoelafs { change_username="$1" change_password="$2" - ${PROJECT_NAME}-pass -u $change_username -a tahoelafs -p "$change_password" + "${PROJECT_NAME}-pass" -u "$change_username" -a tahoelafs -p "$change_password" if grep -q "${change_username}:" /etc/nginx/.htpasswd-tahoelafs; then - sed -i '/tahoe-${change_username}:/d' /etc/nginx/.htpasswd-tahoelafs + sed -i "/tahoe-${change_username}:/d" /etc/nginx/.htpasswd-tahoelafs fi - echo "${change_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${change_username} + echo "${change_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs "${change_username}" } function add_tahoelafs_storage_node_interactive { - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --backtitle $"Freedombone Configuration" \ --title $"Add Tahoe-LAFS storage node" \ - --form $"\nEnter the storage node details which can be found on the About screen of 
another server" 13 75 5 \ + --form $"\\nEnter the storage node details which can be found on the About screen of another server" 13 75 5 \ $"Hostname:" 1 1 "" 1 14 53 40 \ $"Public Key:" 2 1 "" 2 14 53 255 \ $"Nickname:" 3 1 "" 3 14 53 255 \ $"FURL:" 4 1 "" 4 14 53 255 \ - 2> $data + 2> "$data" sel=$? case $sel in 1) return;; 255) return;; esac - storage_hostname=$(cat $data | sed -n 1p) - public_key="$(cat $data | sed -n 2p)" - nick=$(cat $data | sed -n 3p) - furl=$(cat $data | sed -n 4p) + storage_hostname=$(sed -n 1p < "$data") + public_key=$(sed -n 2p < "$data") + nick=$(sed -n 3p < "$data") + furl=$(sed -n 4p < "$data") + rm -f "$data" if [ ${#public_key} -eq 0 ]; then return @@ -142,23 +142,26 @@ function edit_tahoelafs_shares { read_config_param TAHOELAFS_SHARES_HAPPY read_config_param TAHOELAFS_SHARES_TOTAL - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --backtitle $"Freedombone Configuration" \ --title $"Tahoe-LAFS shares" \ - --form $"\nEnter the storage node details which can be found on the About screen of another server" 13 40 3 \ + --form $"\\nEnter the storage node details which can be found on the About screen of another server" 13 40 3 \ $"Needed:" 1 1 "${TAHOELAFS_SHARES_NEEDED}" 1 14 4 4 \ $"Happy:" 2 1 "${TAHOELAFS_SHARES_HAPPY}" 2 14 4 4 \ $"Total:" 3 1 "${TAHOELAFS_SHARES_TOTAL}" 3 14 4 4 \ - 2> $data + 2> "$data" sel=$? case $sel in - 1) return;; - 255) return;; + 1) rm -f "$data" + return;; + 255) rm -f "$data" + return;; esac - tl_needed="$(cat $data | sed -n 1p)" - tl_happy="$(cat $data | sed -n 2p)" - tl_total="$(cat $data | sed -n 3p)" + tl_needed=$(sed -n 1p < "$data") + tl_happy=$(sed -n 2p < "$data") + tl_total=$(sed -n 3p < "$data") + rm -f "$data" + if [ ${#tl_needed} -gt 0 ]; then TAHOELAFS_SHARES_NEEDED=${tl_needed} fi 
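Review bot: The rewritten `sed -i "'/${new_username}:/d" /etc/nginx/.htpasswd-tahoelafs` in add_user_tahoelafs carries a stray `'` inside the double quotes, so sed receives `'/name:/d` and rejects it instead of deleting the old entry; it should read `sed -i "/${new_username}:/d" /etc/nginx/.htpasswd-tahoelafs`. Now that the username really is expanded into the sed script in all three functions, a `/` or regex metacharacter in a name changes what is matched; anchoring the pattern with `^` or using `htpasswd -D` avoids that. change_password_tahoelafs greps for `${change_username}:` but deletes `tahoe-${change_username}:`, which looks inconsistent. In add_tahoelafs_storage_node_interactive the trap was removed but the `1) return;;` and `255) return;;` arms have no `rm -f "$data"`, so a cancelled dialog leaves the temp file behind.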
@@ -185,88 +188,90 @@ function edit_tahoelafs_shares { } function configure_interactive_tahoelafs { - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --backtitle $"Freedombone Configuration" \ --title $"Tahoe-LAFS" \ --radiolist $"The least authority is always the best" 11 50 5 \ 1 "Add a storage node" off \ 2 "Manually edit storage nodes" off \ 3 "Shares settings" off \ - 4 "Back to main menu" on 2> $data + 4 "Back to main menu" on 2> "$data" sel=$? case $sel in - 1) exit 1;; - 255) exit 1;; + 1) rm -f "$data" + exit 1;; + 255) rm -f "$data" + exit 1;; esac - case $(cat $data) in + case $(cat "$data") in 1) add_tahoelafs_storage_node_interactive;; 2) edit_tahoelafs_nodes;; 3) edit_tahoelafs_shares;; esac + rm -f "$data" } function tahoelafs_setup_client_config { - config_file=$1 + config_file="$1" nick="$2" - echo '[node]' > $config_file - echo "nickname = $nick" >> $config_file - echo 'reveal-IP-address = false' >> $config_file - echo "web.port = tcp:${TAHOELAFS_PORT}:interface=127.0.0.1" >> $config_file - echo 'web.static = public_html' >> $config_file - echo 'tub.port = disabled' >> $config_file - echo 'tub.location = disabled' >> $config_file - echo '' >> $config_file - echo '[client]' >> $config_file - echo 'introducer.furl =' >> $config_file - echo "shares.needed = ${TAHOELAFS_SHARES_NEEDED}" >> $config_file - echo "shares.happy = ${TAHOELAFS_SHARES_HAPPY}" >> $config_file - echo "shares.total = ${TAHOELAFS_SHARES_TOTAL}" >> $config_file - echo '' >> $config_file - echo '[storage]' >> $config_file - echo 'enabled = false' >> $config_file - echo 'reserved_space = 3G' >> $config_file - echo '' >> $config_file - echo '[helper]' >> $config_file - echo 'enabled = false' >> $config_file - echo '' >> $config_file - echo '[connections]' >> $config_file - echo 'tcp = tor' >> $config_file + { echo '[node]'; + echo "nickname = $nick"; + echo 'reveal-IP-address = false'; + echo "web.port = 
tcp:${TAHOELAFS_PORT}:interface=127.0.0.1"; + echo 'web.static = public_html'; + echo 'tub.port = disabled'; + echo 'tub.location = disabled'; + echo ''; + echo '[client]'; + echo 'introducer.furl ='; + echo "shares.needed = ${TAHOELAFS_SHARES_NEEDED}"; + echo "shares.happy = ${TAHOELAFS_SHARES_HAPPY}"; + echo "shares.total = ${TAHOELAFS_SHARES_TOTAL}"; + echo ''; + echo '[storage]'; + echo 'enabled = false'; + echo 'reserved_space = 3G'; + echo ''; + echo '[helper]'; + echo 'enabled = false'; + echo ''; + echo '[connections]'; + echo 'tcp = tor'; } > "$config_file" } function tahoelafs_setup_storage_config { - config_file=$1 + config_file="$1" nick="$2" - echo '[node]' > $config_file - echo "nickname = $nick" >> $config_file - echo 'reveal-IP-address = false' >> $config_file - echo 'web.port =' >> $config_file - echo 'web.static = public_html' >> $config_file - echo "tub.port = tcp:${TAHOELAFS_STORAGE_ONION_PORT}:interface=127.0.0.1" >> $config_file - echo "tub.location = tor:${TAHOELAFS_STORAGE_ONION_HOSTNAME}:${TAHOELAFS_STORAGE_PORT}" >> $config_file - echo '' >> $config_file - echo '[client]' >> $config_file - echo 'introducer.furl =' >> $config_file - echo 'helper.furl =' >> $config_file - echo '' >> $config_file - echo "shares.needed = ${TAHOELAFS_SHARES_NEEDED}" >> $config_file - echo "shares.happy = ${TAHOELAFS_SHARES_HAPPY}" >> $config_file - echo "shares.total = ${TAHOELAFS_SHARES_TOTAL}" >> $config_file - echo '' >> $config_file - echo '[storage]' >> $config_file - echo 'enabled = true' >> $config_file - echo 'reserved_space = 3G' >> $config_file - echo 'expire.enabled = true' >> $config_file - echo 'expire.mode = age' >> $config_file - echo 'expire.override_lease_duration = 3 months' >> $config_file - echo '' >> $config_file - echo '[helper]' >> $config_file - echo 'enabled = false' >> $config_file - echo '' >> $config_file - echo '[connections]' >> $config_file - echo 'tcp = tor' >> $config_file + { echo '[node]'; + echo "nickname = $nick"; + echo 
'reveal-IP-address = false'; + echo 'web.port ='; + echo 'web.static = public_html'; + echo "tub.port = tcp:${TAHOELAFS_STORAGE_ONION_PORT}:interface=127.0.0.1"; + echo "tub.location = tor:${TAHOELAFS_STORAGE_ONION_HOSTNAME}:${TAHOELAFS_STORAGE_PORT}"; + echo ''; + echo '[client]'; + echo 'introducer.furl ='; + echo 'helper.furl ='; + echo ''; + echo "shares.needed = ${TAHOELAFS_SHARES_NEEDED}"; + echo "shares.happy = ${TAHOELAFS_SHARES_HAPPY}"; + echo "shares.total = ${TAHOELAFS_SHARES_TOTAL}"; + echo ''; + echo '[storage]'; + echo 'enabled = true'; + echo 'reserved_space = 3G'; + echo 'expire.enabled = true'; + echo 'expire.mode = age'; + echo 'expire.override_lease_duration = 3 months'; + echo ''; + echo '[helper]'; + echo 'enabled = false'; + echo ''; + echo '[connections]'; + echo 'tcp = tor'; } > "$config_file" chown -R tahoelafs:debian-tor $TAHOE_DIR } @@ -304,6 +309,7 @@ function restore_local_tahoelafs { else cp -r $temp_restore_dir/* $TAHOE_DIR/ fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then if [ -d ${TAHOE_DIR}-old ]; then mv ${TAHOE_DIR}-old $TAHOE_DIR @@ -346,14 +352,15 @@ function restore_remote_tahoelafs { else cp -r $temp_restore_dir/* $TAHOE_DIR/ fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then - if [ -d ${$TAHOE_DIR}-old ]; then - mv ${TAHOE_DIR}-old $TAHOE_DIR + if [ -d "${TAHOE_DIR}-old" ]; then + mv "${TAHOE_DIR}-old" $TAHOE_DIR fi exit 623925 fi - if [ -d ${$TAHOE_DIR}-old ]; then - rm -rf ${$TAHOE_DIR}-old + if [ -d "${TAHOE_DIR}-old" ]; then + rm -rf "${TAHOE_DIR}-old" fi rm -rf $temp_restore_dir chown -R tahoelafs:debian-tor $TAHOE_DIR 
@@ -398,7 +405,7 @@ function remove_tahoelafs { remove_completion_param install_tahoelafs function_check remove_onion_service remove_onion_service tahoelafs ${TAHOELAFS_ONION_PORT} - remove_onion_service storage-tahoelafs ${TAHOELAFS_STORAGE_ONION_PORT} $(get_tahoelafs_nick) + remove_onion_service storage-tahoelafs ${TAHOELAFS_STORAGE_ONION_PORT} "$(get_tahoelafs_nick)" sed -i '/HidServAuth /d' /etc/tor/torrc groupdel -f tahoelafs @@ -437,23 +444,23 @@ function create_tahoelafs_stealth_node { exit 682362 fi - if [ ! -f ${node_dir}/tahoe.cfg ]; then + if [ ! -f "${node_dir}/tahoe.cfg" ]; then su -c "mkdir ${node_dir}" - tahoelafs su -c "$TAHOE_COMMAND create-node -C ${node_dir} --hostname=fixme" - tahoelafs - tahoelafs_setup_storage_config ${node_dir}/tahoe.cfg ${node_nick} + tahoelafs_setup_storage_config "${node_dir}/tahoe.cfg" "${node_nick}" fi - if [ ! -f ${client_dir}/tahoe.cfg ]; then + if [ ! -f "${client_dir}/tahoe.cfg" ]; then su -c "mkdir ${client_dir}" - tahoelafs su -c "$TAHOE_COMMAND create-client -C ${client_dir}" - tahoelafs - tahoelafs_setup_client_config ${client_dir}/tahoe.cfg ${client_nick} + tahoelafs_setup_client_config "${client_dir}/tahoe.cfg" "${client_nick}" fi } function create_tahoelafs_introducer { introducer_dir="$1" - if [ -f ${introducer_dir}/tahoe.cfg ]; then + if [ -f "${introducer_dir}/tahoe.cfg" ]; then return fi @@ -470,7 +477,7 @@ function create_tahoelafs_storage_node { return fi - if [ -f ${node_dir}/tahoe.cfg ]; then + if [ -f "${node_dir}/tahoe.cfg" ]; then return fi 
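Review bot: The `su -c "mkdir ${node_dir}" - tahoelafs` and `su -c "$TAHOE_COMMAND create-node -C ${node_dir} --hostname=fixme" - tahoelafs` lines in create_tahoelafs_stealth_node still splice variables into a command string that a second shell parses, so the quoting added to the surrounding `[ -f ... ]` tests and config calls does not cover them. A path containing spaces or shell metacharacters would be split or interpreted there. create_tahoelafs_client does the same with `--introducer=\"$furl\"`; where `furl` comes from is not visible in these hunks, but if it can arrive from the storage-node dialog form it should be validated against the expected FURL format before it gets here. Both functions extend beyond the lines shown.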
@@ -487,15 +494,15 @@ function create_tahoelafs_client { return fi - if [ -f ${client_dir}/tahoe.cfg ]; then + if [ -f "${client_dir}/tahoe.cfg" ]; then return fi su -c "mkdir ${client_dir}" - tahoelafs su -c "$TAHOE_COMMAND create-client -C ${client_dir} --introducer=\"$furl\" --listen=tor --hide-ip --hostname=127.0.0.1" - tahoelafs - sed -i 's|reveal-IP-address =.*|reveal-IP-address = False|g' $client_dir/tahoe.cfg - sed -i 's|tub.port =.*|tub.port = disabled|g' $client_dir/tahoe.cfg - sed -i 's|tub.location =.*|tub.location = disabled|g' $client_dir/tahoe.cfg + sed -i 's|reveal-IP-address =.*|reveal-IP-address = False|g' "$client_dir/tahoe.cfg" + sed -i 's|tub.port =.*|tub.port = disabled|g' "$client_dir/tahoe.cfg" + sed -i 's|tub.location =.*|tub.location = disabled|g' "$client_dir/tahoe.cfg" } function get_tahoelafs_furl { @@ -510,11 +517,11 @@ function get_tahoelafs_nick { } function get_tahoelafs_storage_hostname { - echo "$(cat /var/lib/tor/hidden_service_storage-tahoelafs/hostname)" + cat /var/lib/tor/hidden_service_storage-tahoelafs/hostname } function get_tahoelafs_public_key { - echo "$(cat $TAHOE_DIR/storage/node.pubkey | grep 'v0-' | sed 's|pub-||g')" + grep 'v0-' "$TAHOE_DIR/storage/node.pubkey" | sed 's|pub-||g' } function add_tahoelafs_server { @@ -549,10 +556,10 @@ function add_tahoelafs_server { fi echo '# storage' >> ${tahoelafs_storage_file} fi - echo " ${public_key}:" >> ${tahoelafs_storage_file} - echo " ann:" >> ${tahoelafs_storage_file} - echo " nickname: ${nick}" >> ${tahoelafs_storage_file} - echo " anonymous-storage-FURL: ${furl}" >> ${tahoelafs_storage_file} + { echo " ${public_key}:"; + echo " ann:"; + echo " nickname: ${nick}"; + echo " anonymous-storage-FURL: ${furl}"; } >> "${tahoelafs_storage_file}" chown tahoelafs:debian-tor ${tahoelafs_storage_file} if ! grep -q "HidServAuth ${storage_hostname}" /etc/tor/torrc; then 
@@ -566,27 +573,27 @@ function create_tahoelafs_daemon { TAHOELAFS_DAEMON_FILE=/etc/systemd/system/tahoelafs-${daemon_name}.service echo "Creating daemon: $TAHOELAFS_DAEMON_FILE" - echo '[Unit]' > $TAHOELAFS_DAEMON_FILE - echo "Description=Tahoe-LAFS ${daemon_name}" >> $TAHOELAFS_DAEMON_FILE - echo 'After=syslog.target' >> $TAHOELAFS_DAEMON_FILE - echo 'After=network.target' >> $TAHOELAFS_DAEMON_FILE - echo '' >> $TAHOELAFS_DAEMON_FILE - echo '[Service]' >> $TAHOELAFS_DAEMON_FILE - echo 'Type=simple' >> $TAHOELAFS_DAEMON_FILE - echo "User=tahoelafs" >> $TAHOELAFS_DAEMON_FILE - echo "Group=debian-tor" >> $TAHOELAFS_DAEMON_FILE - echo "WorkingDirectory=${TAHOE_DIR}" >> $TAHOELAFS_DAEMON_FILE - echo "ExecStart=/usr/bin/tahoe run ${TAHOE_DIR}/${daemon_name}" >> $TAHOELAFS_DAEMON_FILE - echo "ExecStop=/usr/bin/tahoe stop ${TAHOE_DIR}/${daemon_name}" >> $TAHOELAFS_DAEMON_FILE - echo 'Restart=on-failure' >> $TAHOELAFS_DAEMON_FILE - echo 'RestartSec=10' >> $TAHOELAFS_DAEMON_FILE - echo "Environment=\"USER=tahoelafs\" \"HOME=${TAHOE_DIR}\"" >> $TAHOELAFS_DAEMON_FILE - echo '' >> $TAHOELAFS_DAEMON_FILE - echo '[Install]' >> $TAHOELAFS_DAEMON_FILE - echo 'WantedBy=multi-user.target' >> $TAHOELAFS_DAEMON_FILE - systemctl enable tahoelafs-${daemon_name} + { echo '[Unit]'; + echo "Description=Tahoe-LAFS ${daemon_name}"; + echo 'After=syslog.target'; + echo 'After=network.target'; + echo ''; + echo '[Service]'; + echo 'Type=simple'; + echo "User=tahoelafs"; + echo "Group=debian-tor"; + echo "WorkingDirectory=${TAHOE_DIR}"; + echo "ExecStart=/usr/bin/tahoe run ${TAHOE_DIR}/${daemon_name}"; + echo "ExecStop=/usr/bin/tahoe stop ${TAHOE_DIR}/${daemon_name}"; + echo 'Restart=on-failure'; + echo 'RestartSec=10'; + echo "Environment=\"USER=tahoelafs\" \"HOME=${TAHOE_DIR}\""; + echo ''; + echo '[Install]'; + echo 'WantedBy=multi-user.target'; } > "$TAHOELAFS_DAEMON_FILE" + systemctl enable "tahoelafs-${daemon_name}" systemctl daemon-reload - systemctl start tahoelafs-${daemon_name} + 
systemctl start "tahoelafs-${daemon_name}" } function create_tahoelafs_web { 
@@ -596,44 +603,44 @@ function create_tahoelafs_web { TAHOELAFS_LOGIN_TEXT=$'Tahoe-LAFS login' tahoelafs_nginx_site=/etc/nginx/sites-available/tahoelafs - echo 'server {' > $tahoelafs_nginx_site - echo " listen 127.0.0.1:$TAHOELAFS_ONION_PORT default_server;" >> $tahoelafs_nginx_site - echo " server_name $TAHOELAFS_ONION_HOSTNAME;" >> $tahoelafs_nginx_site - echo '' >> $tahoelafs_nginx_site + { echo 'server {'; + echo " listen 127.0.0.1:$TAHOELAFS_ONION_PORT default_server;"; + echo " server_name $TAHOELAFS_ONION_HOSTNAME;"; + echo ''; } > "$tahoelafs_nginx_site" function_check nginx_disable_sniffing nginx_disable_sniffing tahoelafs - echo '' >> $tahoelafs_nginx_site - echo ' # Logs' >> $tahoelafs_nginx_site - echo ' access_log /dev/null;' >> $tahoelafs_nginx_site - echo ' error_log /dev/null;' >> $tahoelafs_nginx_site - echo '' >> $tahoelafs_nginx_site - echo ' # Root' >> $tahoelafs_nginx_site - echo " root /var/www/tahoelafs/htdocs;" >> $tahoelafs_nginx_site - echo '' >> $tahoelafs_nginx_site - echo ' location / {' >> $tahoelafs_nginx_site - echo " auth_basic \"${TAHOELAFS_LOGIN_TEXT}\";" >> $tahoelafs_nginx_site - echo ' auth_basic_user_file /etc/nginx/.htpasswd-tahoelafs;' >> $tahoelafs_nginx_site + { echo ''; + echo ' # Logs'; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo ' # Root'; + echo " root /var/www/tahoelafs/htdocs;"; + echo ''; + echo ' location / {'; + echo " auth_basic \"${TAHOELAFS_LOGIN_TEXT}\";"; + echo ' auth_basic_user_file /etc/nginx/.htpasswd-tahoelafs;'; } >> "$tahoelafs_nginx_site" function_check nginx_limits nginx_limits tahoelafs '15m' - echo ' rewrite /(.*) /$1 break;' >> $tahoelafs_nginx_site - echo ' proxy_set_header X-Real-IP $remote_addr;' >> $tahoelafs_nginx_site - echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $tahoelafs_nginx_site - echo ' proxy_set_header Host $http_host;' >> $tahoelafs_nginx_site - echo ' proxy_set_header X-NginX-Proxy true;' >> $tahoelafs_nginx_site - 
echo " proxy_pass http://localhost:${TAHOELAFS_PORT};" >> $tahoelafs_nginx_site - echo ' proxy_redirect off;' >> $tahoelafs_nginx_site - echo ' }' >> $tahoelafs_nginx_site - echo '}' >> $tahoelafs_nginx_site - - TAHOELAFS_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" - ${PROJECT_NAME}-pass -u $MY_USERNAME -a tahoelafs -p "$TAHOELAFS_ADMIN_PASSWORD" + { echo " rewrite /(.*) /\$1 break;"; + echo " proxy_set_header X-Real-IP \$remote_addr;"; + echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;"; + echo " proxy_set_header Host \$http_host;"; + echo ' proxy_set_header X-NginX-Proxy true;'; + echo " proxy_pass http://localhost:${TAHOELAFS_PORT};"; + echo ' proxy_redirect off;'; + echo ' }'; + echo '}'; } >> "$tahoelafs_nginx_site" + + TAHOELAFS_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")" + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a tahoelafs -p "$TAHOELAFS_ADMIN_PASSWORD" if [ ! -f /etc/nginx/.htpasswd-tahoelafs ]; then touch /etc/nginx/.htpasswd-tahoelafs fi if grep -q "${MY_USERNAME}:" /etc/nginx/.htpasswd-tahoelafs; then - sed -i '/${MY_USERNAME}:/d' /etc/nginx/.htpasswd-tahoelafs + sed -i "/${MY_USERNAME}:/d" /etc/nginx/.htpasswd-tahoelafs fi - echo "${TAHOELAFS_ADMIN_PASSWORD}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${MY_USERNAME} + echo "${TAHOELAFS_ADMIN_PASSWORD}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs "${MY_USERNAME}" function_check nginx_ensite nginx_ensite tahoelafs @@ -641,7 +648,7 @@ function create_tahoelafs_web { } function install_tahoelafs { - if [ $INSTALLING_MESH ]; then + if [ "$INSTALLING_MESH" ]; then return fi 
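Review bot: The `sed -i "/${MY_USERNAME}:/d"` line in create_tahoelafs_web now expands the username into an unanchored pattern, so removing `bob:` would also delete an entry such as `jimbob:` from /etc/nginx/.htpasswd-tahoelafs. With the old single quotes the expression never matched, so this deletion is effectively new behaviour. Anchor both the check and the delete, `grep -q "^${MY_USERNAME}:"` and `sed -i "/^${MY_USERNAME}:/d"`; a username containing `/` or regex metacharacters would still need escaping. Separately, `htpasswd -s` stores an unsalted SHA-1 hash, and `-B` (bcrypt) is the stronger choice if the installed nginx accepts it.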
@@ -692,7 +699,7 @@ function install_tahoelafs { # create an onion address for client node TAHOELAFS_ONION_HOSTNAME=$(add_onion_service tahoelafs 80 ${TAHOELAFS_ONION_PORT}) - create_tahoelafs_stealth_node $TAHOE_DIR/storage $TAHOE_DIR/client ${node_nick} ${client_nick} + create_tahoelafs_stealth_node "$TAHOE_DIR/storage" "$TAHOE_DIR/client" "${node_nick}" "${client_nick}" # start the storage node su -c "/usr/bin/python2 /usr/bin/tahoe start $TAHOE_DIR/storage" - tahoelafs diff --git a/src/freedombone-app-tox b/src/freedombone-app-tox index a9c30633a..3763d6ddb 100755 --- a/src/freedombone-app-tox +++ b/src/freedombone-app-tox @@ -74,12 +74,12 @@ function logging_off_tox { function remove_user_tox { remove_username="$1" - if [ -d /home/$remove_username/.config/tox ]; then - if [ -d /home/$remove_username/.config/tox/chatlogs ]; then - shred -zu /home/$remove_username/.config/tox/chatlogs/* - rm -rf /home/$remove_username/.config/tox/chatlogs + if [ -d "/home/$remove_username/.config/tox" ]; then + if [ -d "/home/$remove_username/.config/tox/chatlogs" ]; then + shred -zu "/home/$remove_username/.config/tox/chatlogs/*" + rm -rf "/home/$remove_username/.config/tox/chatlogs" fi - shred -zu /home/$remove_username/.config/tox/* + shred -zu "/home/$remove_username/.config/tox/*" fi } 
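Review bot: In remove_user_tox the wildcard now sits inside the quotes, `shred -zu "/home/$remove_username/.config/tox/chatlogs/*"`, so shred is handed a literal file named `*`. The chat logs are then deleted by `rm -rf` without being overwritten, and the remaining files under .config/tox are left in place. Keep the variable quoted and the wildcard outside: `shred -zu "/home/$remove_username/.config/tox/chatlogs/"*` and `shred -zu "/home/$remove_username/.config/tox/"*`. The same quoting breaks `cp "$rootdir/usr/local/lib/libtoxcore*" "$rootdir/usr/lib/"` in the later mesh_tox_node hunk, which should read `cp "$rootdir/usr/local/lib/"libtoxcore* "$rootdir/usr/lib/"`.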
@@ -87,27 +87,27 @@ function add_user_tox { new_username="$1" # Note: password isn't used - new_user_password="$2" + #new_user_password="$2" USER_TOX_FILE=/home/${new_username}/.config/tox/data.tox - if [ ! -f $USER_TOX_FILE ]; then - mkdir -p /home/${new_username}/.config/tox - chown -R ${new_username}:${new_username} /home/${new_username}/.config - su -c "toxid -u ${new_username} -n data" - $new_username - su -c "toxid --setuser ${new_username}" - $new_username + if [ ! -f "$USER_TOX_FILE" ]; then + mkdir -p "/home/${new_username}/.config/tox" + chown -R "${new_username}":"${new_username}" "/home/${new_username}/.config" + su -c "toxid -u ${new_username} -n data" - "$new_username" + su -c "toxid --setuser ${new_username}" - "$new_username" fi } function run_client_tox { # create a tox user USER_TOX_FILE=/home/${USER}/.config/tox/data.tox - if [ ! -f $USER_TOX_FILE ]; then - mkdir -p /home/${USER}/.config/tox - chown -R ${USER}:${USER} /home/${USER}/.config - toxid -u ${USER} -n data - toxid --setuser ${USER} + if [ ! -f "$USER_TOX_FILE" ]; then + mkdir -p "/home/${USER}/.config/tox" + chown -R "${USER}":"${USER}" "/home/${USER}/.config" + toxid -u "${USER}" -n data + toxid --setuser "${USER}" fi - toxic -f $USER_TOX_FILE --force-tcp --SOCKS5-proxy 127.0.0.1 9050 + toxic -f "$USER_TOX_FILE" --force-tcp --SOCKS5-proxy 127.0.0.1 9050 } function install_interactive_tox { 
@@ -121,16 +121,17 @@ function configure_interactive_tox { fi bootstrap_id=$(cat $TOX_BOOTSTRAP_ID_FILE) dialog --title $"Tox Bootstrap Node ID" \ - --msgbox $"\n$bootstrap_id\n\nTo copy this hold down the shift key, select the ID and then right click and copy." 10 70 + --msgbox $"\\n$bootstrap_id\\n\\nTo copy this hold down the shift key, select the ID and then right click and copy." 10 70 } function mesh_tox_qtox { - if [ ! ${rootdir}$INSTALL_DIR ]; then + # shellcheck disable=SC2154 + if [ ! "${rootdir}$INSTALL_DIR" ]; then INSTALL_DIR=${rootdir}/root/build fi - if [ ! -d ${rootdir}$INSTALL_DIR ]; then - mkdir -p ${rootdir}$INSTALL_DIR + if [ ! -d "${rootdir}$INSTALL_DIR" ]; then + mkdir -p "${rootdir}$INSTALL_DIR" fi chroot "${rootdir}" apt-get -yq install build-essential libatk1.0-0 libbz2-1.0 libc6 libcairo2 libdbus-1-3 libegl1-mesa libfontconfig1 libfreetype6 libgcc1 libgdk-pixbuf2.0-0 libgl1-mesa-glx libglib2.0-0 libgtk2.0-0 libice6 libicu57 libjpeg62-turbo libmng1 libmtdev1 libopenal1 libopus0 libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 libpng16-16 libqrencode3 libsm6 libsodium18 libsqlite3-0 libssl1.1 libstdc++6 libtiff5 libudev1 libvpx4 libwayland-client0 libwayland-cursor0 libwayland-egl1-mesa libwebp6 libx11-6 libx11-xcb1 libxcb-glx0 libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-randr0 libxcb-render-util0 libxcb-render0 libxcb-shape0 libxcb-shm0 libxcb-sync1 libxcb-xfixes0 libxcb-xinerama0 libxcb1 libxext6 libxfixes3 libxi6 libxrender1 libxss1 zlib1g libopus-dev libvpx-dev 
@@ -149,30 +150,30 @@ function mesh_tox_qtox { chroot "${rootdir}" apt-get -yq install build-essential cmake ffmpeg libexif-dev libgdk-pixbuf2.0-dev libglib2.0-dev libgtk2.0-dev libopenal-dev libqrencode-dev libqt5opengl5-dev libqt5svg5-dev libsqlcipher-dev libxss-dev pkg-config qrencode qt5-default qt5-qmake qttools5-dev qttools5-dev-tools yasm if [ -d /repos/qtox ]; then - mkdir ${rootdir}$INSTALL_DIR/qtox - cp -r -p /repos/qtox/. ${rootdir}$INSTALL_DIR/qtox - cd ${rootdir}$INSTALL_DIR/qtox + mkdir "${rootdir}$INSTALL_DIR/qtox" + cp -r -p /repos/qtox/. "${rootdir}$INSTALL_DIR/qtox" + cd "${rootdir}$INSTALL_DIR/qtox" || exit 264826826 git pull else - git clone $QTOX_REPO ${rootdir}$INSTALL_DIR/qtox + git clone "$QTOX_REPO" "${rootdir}$INSTALL_DIR/qtox" fi - if [ ! -d ${rootdir}$INSTALL_DIR/qtox ]; then + if [ ! -d "${rootdir}$INSTALL_DIR/qtox" ]; then exit 72428 fi - cd ${rootdir}${INSTALL_DIR}/qtox + cd "${rootdir}${INSTALL_DIR}/qtox" || exit 235745728 git checkout $QTOX_COMMIT -b $QTOX_COMMIT - chroot ${rootdir} /bin/bash -x <<EOF + chroot "${rootdir}" /bin/bash -x <<EOF cd ${INSTALL_DIR}/qtox export PKG_CONFIG_PATH="$PKG_CONFIG_PATH:/usr/local/lib/pkgconfig" cmake . make make install EOF - if [ ! -f ${rootdir}/usr/local/bin/qtox ]; then + if [ ! -f "${rootdir}/usr/local/bin/qtox" ]; then exit 75784 fi - cp ${rootdir}/usr/local/bin/qtox ${rootdir}/usr/bin/qtox + cp "${rootdir}/usr/local/bin/qtox" "${rootdir}/usr/bin/qtox" } function reconfigure_tox { 
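Review bot: The `git checkout $QTOX_COMMIT -b $QTOX_COMMIT` in mesh_tox_qtox is still unquoted and its exit status is ignored, so if the pinned commit cannot be checked out, the chroot build below compiles and installs whatever the clone or `git pull` left at HEAD. This commit already adds `|| exit` to the neighbouring `cd` calls; do the same here with `git checkout "$QTOX_COMMIT" -b "$QTOX_COMMIT" || exit 1`, using whichever exit code fits the project's numbering. The toxcore checkout in the later mesh_tox_node hunk is quoted now but has the same unchecked status. mesh_tox_qtox starts before this hunk.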
@@ -181,9 +182,9 @@ function reconfigure_tox { function upgrade_tox { function_check set_repo_commit - set_repo_commit $INSTALL_DIR/toxcore "toxcore commit" "$TOXCORE_COMMIT" $TOXCORE_REPO - if [[ $(commit_has_changed $INSTALL_DIR/toxcore "toxcore commit" "$TOXCORE_COMMIT") == "1" ]]; then - cd $INSTALL_DIR/toxcore + set_repo_commit "$INSTALL_DIR/toxcore" "toxcore commit" "$TOXCORE_COMMIT" $TOXCORE_REPO + if [[ $(commit_has_changed "$INSTALL_DIR/toxcore" "toxcore commit" "$TOXCORE_COMMIT") == "1" ]]; then + cd "$INSTALL_DIR/toxcore" || exit 53683563 sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' $rootdir/etc/systemd/system/tox-bootstrapd.service autoreconf -i ./configure --enable-daemon @@ -194,9 +195,9 @@ function upgrade_tox { fi function_check set_repo_commit - set_repo_commit $INSTALL_DIR/toxic "Toxic commit" "$TOXIC_COMMIT" $TOXIC_REPO - if [[ $(commit_has_changed $INSTALL_DIR/toxic "Toxic commit" "$TOXIC_COMMIT") == "1" ]]; then - cd $INSTALL_DIR/toxic + set_repo_commit "$INSTALL_DIR/toxic" "Toxic commit" "$TOXIC_COMMIT" $TOXIC_REPO + if [[ $(commit_has_changed "$INSTALL_DIR/toxic" "Toxic commit" "$TOXIC_COMMIT") == "1" ]]; then + cd "$INSTALL_DIR/toxic" || exit 4684618 make make install fi @@ -221,12 +222,11 @@ function backup_local_tox { } function restore_local_tox { - if [ -d $USB_MOUNT/backup/tox ]; then + if [ -d "$USB_MOUNT/backup/tox" ]; then echo $"Restoring Tox node settings" function_check restore_directory_from_usb #restore_directory_from_usb / tox - restore_directory_from_usb /var/lib/tox-bootstrapd tox - if [ ! "$?" = "0" ]; then + if ! restore_directory_from_usb /var/lib/tox-bootstrapd tox; then function_check set_user_permissions set_user_permissions function_check backup_unmount_drive 
@@ -234,8 +234,7 @@ function restore_local_tox { exit 6393 fi cp /var/lib/tox-bootstrapd/tox-bootstrapd.conf /etc/tox-bootstrapd.conf - systemctl restart tox-bootstrapd.service - if [ ! "$?" = "0" ]; then + if ! systemctl restart tox-bootstrapd.service; then systemctl status tox-bootstrapd.service function_check set_user_permissions set_user_permissions @@ -259,17 +258,15 @@ function backup_remote_tox { } function restore_remote_tox { - if [ -d $SERVER_DIRECTORY/backup/tox ]; then + if [ -d "$SERVER_DIRECTORY/backup/tox" ]; then echo $"Restoring Tox node settings" function_check restore_directory_from_friend #restore_directory_from_friend / tox - restore_directory_from_friend /var/lib/tox-bootstrapd tox - if [ ! "$?" = "0" ]; then + if ! restore_directory_from_friend /var/lib/tox-bootstrapd tox; then exit 93653 fi cp /var/lib/tox-bootstrapd/tox-bootstrapd.conf /etc/tox-bootstrapd.conf - systemctl restart tox-bootstrapd.service - if [ ! "$?" = "0" ]; then + if ! systemctl restart tox-bootstrapd.service; then systemctl status tox-bootstrapd.service exit 59369 fi @@ -283,8 +280,7 @@ function remove_tox_node { function_check remove_onion_service remove_onion_service tox ${TOX_PORT} - ${PROJECT_NAME}-mesh-install -f tox_node --remove yes - if [ ! "$?" = "0" ]; then + if ! "${PROJECT_NAME}-mesh-install" -f tox_node --remove yes; then echo $'Failed to remove tox node' exit 763836 fi 
@@ -293,21 +289,20 @@ function remove_tox_node { } function remove_tox_avahi { - cd $INSTALL_DIR/toxid + cd "$INSTALL_DIR/toxid" || exit 82456275 make uninstall - rm -rf $INSTALL_DIR/toxid - sed -i '/tox_avahi/d' $COMPLETION_FILE + rm -rf "$INSTALL_DIR/toxid" + sed -i '/tox_avahi/d' "$COMPLETION_FILE" } function remove_tox_client { - ${PROJECT_NAME}-mesh-install -f tox_client --remove yes - if [ ! "$?" = "0" ]; then + if ! "${PROJECT_NAME}-mesh-install" -f tox_client --remove yes; then echo $'Could not remove Tox client' exit 737253 fi - sed -i '/install_tox_client/d' $COMPLETION_FILE - sed -i '/Tox /d' $COMPLETION_FILE - sed -i '/Toxic /d' $COMPLETION_FILE + sed -i '/install_tox_client/d' "$COMPLETION_FILE" + sed -i '/Tox /d' "$COMPLETION_FILE" + sed -i '/Toxic /d' "$COMPLETION_FILE" } function remove_tox { @@ -317,7 +312,7 @@ function remove_tox { } function configure_firewall_for_tox { - if [ ! $INSTALLING_MESH ]; then + if [ ! "$INSTALLING_MESH" ]; then if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then return fi @@ -331,16 +326,16 @@ function configure_firewall_for_tox { return fi - TOX_PORT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOX_PORT=" | head -n 1 | awk -F '=' '{print $2}') + TOX_PORT_MAIN=$(grep "TOX_PORT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '=' '{print $2}') if [ ${#TOX_PORT_MAIN} -gt 2 ]; then TOX_PORT=$TOX_PORT_MAIN fi - if [ ! $TOX_PORT ]; then + if [ ! "$TOX_PORT" ]; then echo $'No Tox port was specified' exit 32856 fi - firewall_add Tox ${TOX_PORT} + firewall_add Tox "${TOX_PORT}" mark_completed "${FUNCNAME[0]}" } 
@@ -355,24 +350,23 @@ function tox_avahi { fi # install a command to obtain the Tox ID - cd $INSTALL_DIR + cd "$INSTALL_DIR" || exit 131497953 if [ -d /repos/toxid ]; then - mkdir $INSTALL_DIR/toxid - cp -r -p /repos/toxid/. $INSTALL_DIR/toxid - cd $INSTALL_DIR/toxid + mkdir "$INSTALL_DIR/toxid" + cp -r -p /repos/toxid/. "$INSTALL_DIR/toxid" + cd "$INSTALL_DIR/toxid" || exit 468276424526 git pull else function_check git_clone - git_clone $TOXID_REPO $INSTALL_DIR/toxid + git_clone "$TOXID_REPO" "$INSTALL_DIR/toxid" fi - if [ ! -d $INSTALL_DIR/toxid ]; then + if [ ! -d "$INSTALL_DIR/toxid" ]; then exit 63921 fi - cd $INSTALL_DIR/toxid - make - if [ ! "$?" = "0" ]; then + cd "$INSTALL_DIR/toxid" || exit 4782462846 + if ! make; then exit 58432 fi make install @@ -399,13 +393,13 @@ function install_tox_node { mesh_tox_node # onion address for bootstrapping - TOX_ONION_HOSTNAME=$(add_onion_service tox ${TOX_PORT} ${TOX_PORT}) + add_onion_service tox "${TOX_PORT}" "${TOX_PORT}" systemctl restart tox-bootstrapd.service sleep 3 - TOX_PUBLIC_KEY=$(cat /var/log/syslog | grep tox | grep "Public Key" | tail -n 1 | awk -F ' ' '{print $8}') + TOX_PUBLIC_KEY=$(grep tox /var/log/syslog | grep "Public Key" | tail -n 1 | awk -F ' ' '{print $8}') if [ ${#TOX_PUBLIC_KEY} -lt 30 ]; then echo $'Could not obtain the tox node public key' exit 6529 
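Review bot: In install_tox_node the call is no longer wrapped in `TOX_ONION_HOSTNAME=$(...)`, so whatever add_onion_service prints now goes to the installer's stdout and TOX_ONION_HOSTNAME is left unset. The tahoelafs installer captures that output as the onion hostname, so this presumably writes the node's onion address into the install output or log. If the value really is unused, discard it explicitly with `add_onion_service tox "${TOX_PORT}" "${TOX_PORT}" > /dev/null`; otherwise keep the assignment. The rest of install_tox_node is outside this hunk, so whether TOX_ONION_HOSTNAME is read later cannot be confirmed here.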
@@ -435,58 +429,58 @@ function install_tox_client { function mesh_tox_node { # obtain commits from the main file - TOXCORE_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXCORE_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') + TOXCORE_COMMIT_MAIN=$(grep "TOXCORE_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F "'" '{print $2}') if [ ${#TOXCORE_COMMIT_MAIN} -gt 10 ]; then TOXCORE_COMMIT=$TOXCORE_COMMIT_MAIN fi - if [ ! $TOXCORE_COMMIT ]; then + if [ ! "$TOXCORE_COMMIT" ]; then echo $'No Tox commit was specified' exit 76325 fi - TOXID_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXID_REPO=" | head -n 1 | awk -F '"' '{print $2}') + TOXID_REPO_MAIN=$(grep "TOXID_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '"' '{print $2}') if [ ${#TOXID_REPO_MAIN} -gt 5 ]; then TOXID_REPO=$TOXID_REPO_MAIN fi - if [ ! $TOXID_REPO ]; then + if [ ! "$TOXID_REPO" ]; then echo $'No ToxID repo was specified' exit 78252 fi - TOX_PORT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOX_PORT=" | head -n 1 | awk -F '=' '{print $2}') + TOX_PORT_MAIN=$(grep "TOX_PORT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '=' '{print $2}') if [ ${#TOX_PORT_MAIN} -gt 2 ]; then TOX_PORT=$TOX_PORT_MAIN fi - if [ ! $TOX_PORT ]; then + if [ ! "$TOX_PORT" ]; then echo $'No Tox port was specified' exit 32856 fi - TOXCORE_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXCORE_REPO=" | head -n 1 | awk -F '"' '{print $2}') + TOXCORE_REPO_MAIN=$(grep "TOXCORE_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '"' '{print $2}') if [ ${#TOXCORE_REPO_MAIN} -gt 10 ]; then TOXCORE_REPO=$TOXCORE_REPO_MAIN fi - if [ ! $TOXCORE_REPO ]; then + if [ ! "$TOXCORE_REPO" ]; then echo $'No Tox repo was specified' exit 16865 fi - if [ ! 
$TOXCORE_COMMIT ]; then + if [ ! "$TOXCORE_COMMIT" ]; then echo $'No Tox commit was specified' exit 76325 fi - if [ ! $TOXCORE_REPO ]; then + if [ ! "$TOXCORE_REPO" ]; then echo $'No Tox repo was specified' exit 16865 fi - if [ $rootdir ]; then - chroot ${rootdir} apt-get -yq install build-essential libtool autotools-dev - chroot ${rootdir} apt-get -yq install automake checkinstall check git yasm - chroot ${rootdir} apt-get -yq install libsodium18 libsodium-dev libcap2-bin - chroot ${rootdir} apt-get -yq install libconfig9 libconfig-dev autoconf - chroot ${rootdir} apt-get -yq install libopus-dev libvpx-dev + if [ "$rootdir" ]; then + chroot "${rootdir}" apt-get -yq install build-essential libtool autotools-dev + chroot "${rootdir}" apt-get -yq install automake checkinstall check git yasm + chroot "${rootdir}" apt-get -yq install libsodium18 libsodium-dev libcap2-bin + chroot "${rootdir}" apt-get -yq install libconfig9 libconfig-dev autoconf + chroot "${rootdir}" apt-get -yq install libopus-dev libvpx-dev else apt-get -yq install build-essential libtool autotools-dev apt-get -yq install automake checkinstall check git yasm 
@@ -495,27 +489,26 @@ function mesh_tox_node { apt-get -yq install libopus-dev libvpx-dev fi - if [ ! -d ${rootdir}${INSTALL_DIR} ]; then - mkdir -p ${rootdir}${INSTALL_DIR} + if [ ! -d "${rootdir}${INSTALL_DIR}" ]; then + mkdir -p "${rootdir}${INSTALL_DIR}" fi - if [ ! -d ${rootdir}${INSTALL_DIR}/toxcore ]; then + if [ ! -d "${rootdir}${INSTALL_DIR}/toxcore" ]; then if [ -d /repos/toxcore ]; then - mkdir ${rootdir}${INSTALL_DIR}/toxcore - cp -r -p /repos/toxcore/. ${rootdir}${INSTALL_DIR}/toxcore - cd ${rootdir}${INSTALL_DIR}/toxcore + mkdir "${rootdir}${INSTALL_DIR}/toxcore" + cp -r -p /repos/toxcore/. "${rootdir}${INSTALL_DIR}/toxcore" + cd "${rootdir}${INSTALL_DIR}/toxcore" || exit 2468246284 git pull else - git clone ${TOXCORE_REPO} ${rootdir}${INSTALL_DIR}/toxcore - if [ ! "$?" = "0" ]; then - exit 429252 + if ! git clone "${TOXCORE_REPO}" "${rootdir}${INSTALL_DIR}/toxcore"; then + exit 4292521 fi fi fi - cd ${rootdir}$INSTALL_DIR/toxcore - git checkout $TOXCORE_COMMIT -b $TOXCORE_COMMIT + cd "${rootdir}$INSTALL_DIR/toxcore" || exit 46824624 + git checkout "$TOXCORE_COMMIT" -b "$TOXCORE_COMMIT" - if [ ${rootdir} ]; then - chroot ${rootdir} /bin/bash -x <<EOF + if [ "${rootdir}" ]; then + chroot "${rootdir}" /bin/bash -x <<EOF cd ${INSTALL_DIR}/toxcore autoreconf -i ./configure --enable-daemon 
@@ -532,28 +525,28 @@ make install EOF fi - cp $rootdir/usr/local/lib/libtoxcore* $rootdir/usr/lib/ - cp ${rootdir}${INSTALL_DIR}/toxcore/other/bootstrap_daemon/tox-bootstrapd.service $rootdir/etc/systemd/system/ - sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' $rootdir/etc/systemd/system/tox-bootstrapd.service - if [ ${rootdir} ]; then - chroot ${rootdir} systemctl enable tox-bootstrapd.service + cp "$rootdir/usr/local/lib/libtoxcore*" "$rootdir/usr/lib/" + cp "${rootdir}${INSTALL_DIR}/toxcore/other/bootstrap_daemon/tox-bootstrapd.service" "$rootdir/etc/systemd/system/" + sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' "$rootdir/etc/systemd/system/tox-bootstrapd.service" + if [ "${rootdir}" ]; then + chroot "${rootdir}" systemctl enable tox-bootstrapd.service else systemctl enable tox-bootstrapd.service fi SECONDS=0 - if [ ! -f $rootdir/usr/local/bin/tox-bootstrapd ]; then + if [ ! -f "$rootdir/usr/local/bin/tox-bootstrapd" ]; then duration=$SECONDS - echo $"Toxcore compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed." + echo $"Toxcore compile failed at $((duration / 60)) minutes and $((duration % 60)) seconds elapsed." echo $'Unable to make toxcore' exit 73835 fi duration=$SECONDS - echo $"Toxcore compile $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed." + echo $"Toxcore compile $((duration / 60)) minutes and $((duration % 60)) seconds elapsed." 
- if [ ${rootdir} ]; then - chroot ${rootdir} /usr/sbin/useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment $"Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd - chroot ${rootdir} /bin/chmod 700 /var/lib/tox-bootstrapd + if [ "${rootdir}" ]; then + chroot "${rootdir}" /usr/sbin/useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment $"Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd + chroot "${rootdir}" /bin/chmod 700 /var/lib/tox-bootstrapd else chmod 600 /etc/shadow chmod 600 /etc/gshadow 
@@ -564,87 +557,89 @@ EOF fi # remove Maildir - if [ -d $rootdir/var/lib/tox-bootstrapd/Maildir ]; then - rm -rf $rootdir/var/lib/tox-bootstrapd/Maildir + if [ -d "$rootdir/var/lib/tox-bootstrapd/Maildir" ]; then + rm -rf "$rootdir/var/lib/tox-bootstrapd/Maildir" fi # create configuration file TOX_BOOTSTRAP_CONFIG=$rootdir/etc/tox-bootstrapd.conf - echo "port = $TOX_PORT" > $TOX_BOOTSTRAP_CONFIG - echo 'keys_file_path = "/var/lib/tox-bootstrapd/keys"' >> $TOX_BOOTSTRAP_CONFIG - echo 'pid_file_path = "/var/run/tox-bootstrapd/tox-bootstrapd.pid"' >> $TOX_BOOTSTRAP_CONFIG - echo 'enable_ipv6 = true' >> $TOX_BOOTSTRAP_CONFIG - echo 'enable_ipv4_fallback = true' >> $TOX_BOOTSTRAP_CONFIG - echo 'enable_lan_discovery = true' >> $TOX_BOOTSTRAP_CONFIG - echo 'enable_tcp_relay = true' >> $TOX_BOOTSTRAP_CONFIG - echo "tcp_relay_ports = [443, 3389, $TOX_PORT]" >> $TOX_BOOTSTRAP_CONFIG - echo 'enable_motd = true' >> $TOX_BOOTSTRAP_CONFIG - echo 'motd = "tox-bootstrapd"' >> $TOX_BOOTSTRAP_CONFIG + { echo "port = $TOX_PORT"; + echo 'keys_file_path = "/var/lib/tox-bootstrapd/keys"'; + echo 'pid_file_path = "/var/run/tox-bootstrapd/tox-bootstrapd.pid"'; + echo 'enable_ipv6 = true'; + echo 'enable_ipv4_fallback = true'; + echo 'enable_lan_discovery = true'; + echo 'enable_tcp_relay = true'; + echo "tcp_relay_ports = [443, 3389, $TOX_PORT]"; + echo 'enable_motd = true'; + echo 'motd = "tox-bootstrapd"'; } > "$TOX_BOOTSTRAP_CONFIG" if [ $TOX_NODES ]; then - echo 'bootstrap_nodes = (' >> $TOX_BOOTSTRAP_CONFIG + echo 'bootstrap_nodes = (' >> "$TOX_BOOTSTRAP_CONFIG" toxcount=0 while [ "x${TOX_NODES[toxcount]}" != "x" ] do - toxval_ipv4=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $1}') - toxval_ipv6=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $2}') - toxval_port=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $3}') - toxval_pubkey=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $4}') - toxval_maintainer=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $5}') - echo "{ // 
$toxval_maintainer" >> $TOX_BOOTSTRAP_CONFIG + # shellcheck disable=SC2102 + nodes_str=$(echo $TOX_NODES[toxcount]) + toxval_ipv4=$(awk "$nodes_str" -F ',' '{print $1}') + toxval_ipv6=$(awk "$nodes_str" -F ',' '{print $2}') + toxval_port=$(awk "$nodes_str" -F ',' '{print $3}') + toxval_pubkey=$(awk "$nodes_str" -F ',' '{print $4}') + toxval_maintainer=$(awk "$nodes_str" -F ',' '{print $5}') + echo "{ // $toxval_maintainer" >> "$TOX_BOOTSTRAP_CONFIG" if [[ $toxval_ipv6 != 'NONE' ]]; then - echo " address = \"$toxval_ipv6\"" >> $TOX_BOOTSTRAP_CONFIG + echo " address = \"$toxval_ipv6\"" >> "$TOX_BOOTSTRAP_CONFIG" else - echo " address = \"$toxval_ipv4\"" >> $TOX_BOOTSTRAP_CONFIG + echo " address = \"$toxval_ipv4\"" >> "$TOX_BOOTSTRAP_CONFIG" fi - echo " port = $toxval_port" >> $TOX_BOOTSTRAP_CONFIG - echo " public_key = \"$toxval_pubkey\"" >> $TOX_BOOTSTRAP_CONFIG - toxcount=$(( $toxcount + 1 )) + echo " port = $toxval_port" >> "$TOX_BOOTSTRAP_CONFIG" + echo " public_key = \"$toxval_pubkey\"" >> "$TOX_BOOTSTRAP_CONFIG" + toxcount=$((toxcount + 1)) if [ "x${TOX_NODES[toxcount]}" != "x" ]; then - echo "}," >> $TOX_BOOTSTRAP_CONFIG + echo "}," >> "$TOX_BOOTSTRAP_CONFIG" else - echo "}" >> $TOX_BOOTSTRAP_CONFIG + echo "}" >> "$TOX_BOOTSTRAP_CONFIG" fi done - echo ')' >> $TOX_BOOTSTRAP_CONFIG + echo ')' >> "$TOX_BOOTSTRAP_CONFIG" fi - if [ -f $rootdir/var/lib/tox-bootstrapd/keys ]; then - chmod 700 $rootdir/var/lib/tox-bootstrapd/keys + if [ -f "$rootdir/var/lib/tox-bootstrapd/keys" ]; then + chmod 700 "$rootdir/var/lib/tox-bootstrapd/keys" fi } function mesh_tox_avahi { - if [ ! -d $rootdir/etc/avahi ]; then + if [ ! -d "$rootdir/etc/avahi" ]; then echo $'tox_avahi: avahi is not installed' exit 87359 fi - if [ ! $TOXID_REPO ]; then + if [ ! "$TOXID_REPO" ]; then echo $'No ToxID repo was specified' exit 78252 fi - if [ ! -d ${rootdir}${INSTALL_DIR} ]; then - mkdir -p ${rootdir}${INSTALL_DIR} + if [ ! 
-d "${rootdir}${INSTALL_DIR}" ]; then + mkdir -p "${rootdir}${INSTALL_DIR}" fi if [ -d /repos/toxid ]; then - mkdir ${rootdir}${INSTALL_DIR}/toxid - cp -r -p /repos/toxid/. ${rootdir}${INSTALL_DIR}/toxid - cd ${rootdir}${INSTALL_DIR}/toxid + mkdir "${rootdir}${INSTALL_DIR}/toxid" + cp -r -p /repos/toxid/. "${rootdir}${INSTALL_DIR}/toxid" + cd "${rootdir}${INSTALL_DIR}/toxid" || exit 2468246 git pull else - git clone ${TOXID_REPO} ${rootdir}${INSTALL_DIR}/toxid + git clone "${TOXID_REPO}" "${rootdir}${INSTALL_DIR}/toxid" fi - if [ ! -d ${rootdir}${INSTALL_DIR}/toxid ]; then + if [ ! -d "${rootdir}${INSTALL_DIR}/toxid" ]; then echo $'Unable to clone toxid repo' exit 768352 fi - if [ ${rootdir} ]; then - chroot ${rootdir} /bin/bash -x <<EOF + if [ "${rootdir}" ]; then + chroot "${rootdir}" /bin/bash -x <<EOF cd ${INSTALL_DIR}/toxid make make install 
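Review bot: The rewritten bootstrap-node loop in mesh_tox_node passes the node string to awk as the program, `awk "$nodes_str" -F ',' '{print $1}'`, instead of as input, so the five toxval_ fields are not parsed and the text from TOX_NODES is interpreted as awk code. `$TOX_NODES[toxcount]` also expands to the first element followed by the literal `[toxcount]`, which the added SC2102 suppression hides; the loop condition already uses `${TOX_NODES[toxcount]}`. Index the array properly, drop the suppression, and feed the entry to awk on stdin, as in the lines below. mesh_tox_node begins before this hunk.

```shell
# … unchanged: while loop over TOX_NODES …
nodes_str=${TOX_NODES[toxcount]}
toxval_ipv4=$(printf '%s\n' "$nodes_str" | awk -F ',' '{print $1}')
toxval_ipv6=$(printf '%s\n' "$nodes_str" | awk -F ',' '{print $2}')
toxval_port=$(printf '%s\n' "$nodes_str" | awk -F ',' '{print $3}')
toxval_pubkey=$(printf '%s\n' "$nodes_str" | awk -F ',' '{print $4}')
toxval_maintainer=$(printf '%s\n' "$nodes_str" | awk -F ',' '{print $5}')
# … unchanged: writing the node entry to "$TOX_BOOTSTRAP_CONFIG" …
```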
@@ -657,45 +652,46 @@ make install EOF fi - if [ ! -f $rootdir/usr/local/bin/toxid ]; then + if [ ! -f "$rootdir/usr/local/bin/toxid" ]; then echo $'toxid not found' exit 74370 fi - if [ ! -f $rootdir/usr/local/bin/toxavahi ]; then + if [ ! -f "$rootdir/usr/local/bin/toxavahi" ]; then exit 3621729 fi MESH_SYNC_COMMAND=$rootdir/usr/bin/mesh-sync - echo '#!/bin/bash' > $MESH_SYNC_COMMAND - echo '/usr/local/bin/toxavahi 2> /dev/null' >> $MESH_SYNC_COMMAND - echo '/usr/local/bin/meshavahi 2> /dev/null' >> $MESH_SYNC_COMMAND - chmod +x $MESH_SYNC_COMMAND + { echo '#!/bin/bash'; + echo '/usr/local/bin/toxavahi 2> /dev/null'; + echo '/usr/local/bin/meshavahi 2> /dev/null'; } > "$MESH_SYNC_COMMAND" + chmod +x "$MESH_SYNC_COMMAND" - if ! grep -q "mesh-sync" ${rootdir}/etc/crontab; then - echo "*/1 * * * * root /usr/bin/mesh-sync 2> /dev/null" >> ${rootdir}/etc/crontab - echo "*/1 * * * * root ( sleep 20 ; /usr/bin/mesh-sync 2> /dev/null )" >> ${rootdir}/etc/cro echo "*/1 * * * * root ( sleep 40 ; /usr/bin/mesh-sync 2> /dev/null )" >> ${rootdir}/etc/crontab + if ! 
grep -q "mesh-sync" "${rootdir}/etc/crontab"; then + { echo "*/1 * * * * root /usr/bin/mesh-sync 2> /dev/null"; + echo "*/1 * * * * root ( sleep 20 ; /usr/bin/mesh-sync 2> /dev/null )"; + echo "*/1 * * * * root ( sleep 40 ; /usr/bin/mesh-sync 2> /dev/null )"; } >> "${rootdir}/etc/crontab" fi } function mesh_tox_client { - TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}') + TOXIC_FILE=$(grep "TOXIC_FILE=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '=' '{print $2}') # obtain commits from the main file - TOXIC_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') + TOXIC_COMMIT_MAIN=$(grep "TOXIC_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F "'" '{print $2}') if [ ${#TOXIC_COMMIT_MAIN} -gt 10 ]; then TOXIC_COMMIT=$TOXIC_COMMIT_MAIN fi - TOXIC_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_REPO=" | head -n 1 | awk -F '"' '{print $2}') + TOXIC_REPO_MAIN=$(grep "TOXIC_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '"' '{print $2}') if [ ${#TOXIC_REPO_MAIN} -gt 5 ]; then TOXIC_REPO=$TOXIC_REPO_MAIN fi - if [ ${rootdir} ]; then - chroot ${rootdir} apt-get -yq install libncursesw5-dev libconfig-dev libqrencode-dev - chroot ${rootdir} apt-get -yq install libcurl4-openssl-dev libvpx-dev libopenal-dev - chroot ${rootdir} apt-get -yq install libqrencode-dev + if [ "${rootdir}" ]; then + chroot "${rootdir}" apt-get -yq install libncursesw5-dev libconfig-dev libqrencode-dev + chroot "${rootdir}" apt-get -yq install libcurl4-openssl-dev libvpx-dev libopenal-dev + chroot "${rootdir}" apt-get -yq install libqrencode-dev else apt-get -yq install libncursesw5-dev libconfig-dev libqrencode-dev apt-get -yq install libcurl4-openssl-dev libvpx-dev libopenal-dev 
@@ -704,57 +700,57 @@ function mesh_tox_client { TEMP_SCRIPT_NAME=fbtmp728353.sh TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME - echo '#!/bin/bash' > $TEMP_SCRIPT - echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT - echo 'if [ -d /repos/toxic ]; then' >> $TEMP_SCRIPT - echo " mkdir $INSTALL_DIR/toxic" >> $TEMP_SCRIPT - echo " cp -r -p /repos/toxic/. $INSTALL_DIR/toxic" >> $TEMP_SCRIPT - echo " cd $INSTALL_DIR/toxic" >> $TEMP_SCRIPT - echo ' git pull' >> $TEMP_SCRIPT - echo 'else' >> $TEMP_SCRIPT - echo " git clone $TOXIC_REPO $INSTALL_DIR/toxic" >> $TEMP_SCRIPT - echo 'fi' >> $TEMP_SCRIPT - echo "cd $INSTALL_DIR/toxic" >> $TEMP_SCRIPT - echo "git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT" >> $TEMP_SCRIPT - echo 'make' >> $TEMP_SCRIPT - echo 'if [ ! "$?" = "0" ]; then' >> $TEMP_SCRIPT - echo ' exit 1' >> $TEMP_SCRIPT - echo 'fi' >> $TEMP_SCRIPT - echo 'make install' >> $TEMP_SCRIPT - echo 'exit 0' >> $TEMP_SCRIPT + { echo '#!/bin/bash'; + echo "mkdir -p $INSTALL_DIR"; + echo 'if [ -d /repos/toxic ]; then'; + echo " mkdir $INSTALL_DIR/toxic"; + echo " cp -r -p /repos/toxic/. $INSTALL_DIR/toxic"; + echo " cd $INSTALL_DIR/toxic"; + echo ' git pull'; + echo 'else'; + echo " git clone $TOXIC_REPO $INSTALL_DIR/toxic"; + echo 'fi'; + echo "cd $INSTALL_DIR/toxic"; + echo "git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT"; + echo 'make'; + echo 'if [ ! "$?" 
= "0" ]; then'; + echo ' exit 1'; + echo 'fi'; + echo 'make install'; + echo 'exit 0'; } > "$TEMP_SCRIPT" chmod +x $TEMP_SCRIPT - cp $TEMP_SCRIPT $rootdir/root/ + cp "$TEMP_SCRIPT" "$rootdir/root/" - TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}') + TOXIC_FILE=$(grep "TOXIC_FILE=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '=' '{print $2}') SECONDS=0 - if [ ${rootdir} ]; then - chroot ${rootdir} /root/$TEMP_SCRIPT_NAME + if [ "${rootdir}" ]; then + chroot "${rootdir}" "/root/$TEMP_SCRIPT_NAME" else /root/$TEMP_SCRIPT_NAME fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then cat -n /root/fbtmp728353.sh duration=$SECONDS - echo $"Toxic client compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed." + echo $"Toxic client compile failed at $((duration / 60)) minutes and $((duration % 60)) seconds elapsed." echo $'Unable to make tox client' rm $TEMP_SCRIPT exit 74872 fi rm $TEMP_SCRIPT - if [ ! -f $rootdir$TOXIC_FILE ]; then + if [ ! -f "$rootdir$TOXIC_FILE" ]; then echo $"Tox client was not installed to $TOXIC_FILE" exit 63278 fi duration=$SECONDS - echo $"Toxic client compile $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed." + echo $"Toxic client compile $((duration / 60)) minutes and $((duration % 60)) seconds elapsed." } function enable_tox_repo { - echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_9.0/ /' > $rootdir/etc/apt/sources.list.d/tox.list - + echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_9.0/ /' > "$rootdir/etc/apt/sources.list.d/tox.list" - cat >> $rootdir/root/gettoxkey.sh <<EOF + cat >> "$rootdir/root/gettoxkey.sh" <<EOF #!/bin/bash wget -q http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_9.0/Release.key -O- > /root/tox.key apt-key add /root/tox.key 
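Review bot: mesh_tox_client still writes its build script to the fixed path `/tmp/fbtmp728353.sh` and then runs a copy of it as root, so a file or symlink already present at that name can redirect the write or change what gets copied and executed. The commit moves other functions to `mktemp`; do the same here with `TEMP_SCRIPT=$(mktemp) || exit 1` and `TEMP_SCRIPT_NAME=${TEMP_SCRIPT##*/}`, and print the failed script with `cat -n "/root/$TEMP_SCRIPT_NAME"` rather than the hard-coded name. In the same hunk, enable_tox_repo fetches `Release.key` over plain `http://` and feeds it to `apt-key add`, so the key that authenticates the repository is itself unauthenticated; fetch it over HTTPS or check it against a pinned fingerprint.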
@@ -769,30 +765,30 @@ EOF function install_tox { configure_firewall_for_tox - if [ $INSTALLING_MESH ]; then + if [ "$INSTALLING_MESH" ]; then mesh_tox_node mesh_tox_avahi mesh_tox_client else avoid_tor_restart= - if [ -f $IMAGE_PASSWORD_FILE ]; then + if [ -f "$IMAGE_PASSWORD_FILE" ]; then if [[ $ONION_ONLY != 'no' ]]; then avoid_tor_restart=1 fi fi if [ $avoid_tor_restart ]; then - ${PROJECT_NAME}-logging on --onion + "${PROJECT_NAME}-logging" on --onion else - ${PROJECT_NAME}-logging on + "${PROJECT_NAME}-logging" on fi install_tox_node if [ $avoid_tor_restart ]; then - ${PROJECT_NAME}-logging off --onion + "${PROJECT_NAME}-logging" off --onion else - ${PROJECT_NAME}-logging off + "${PROJECT_NAME}-logging" off fi tox_avahi diff --git a/src/freedombone-app-turtl b/src/freedombone-app-turtl index c55bbb7d9..415d68cea 100755 --- a/src/freedombone-app-turtl +++ b/src/freedombone-app-turtl @@ -68,22 +68,24 @@ function logging_off_turtl { } function change_password_turtl { - change_username="$1" - new_user_password="$2" + echo -n '' +# change_username="$1" +# new_user_password="$2" } function remove_user_turtl { - remove_username="$1" + echo -n '' +# remove_username="$1" } function add_user_turtl { - new_username="$1" - new_user_password="$2" +# new_username="$1" +# new_user_password="$2" echo '0' } function install_interactive_turtl { - if [ ! $ONION_ONLY ]; then + if [ ! "$ONION_ONLY" ]; then ONION_ONLY='no' fi @@ -128,7 +130,7 @@ function configure_interactive_turtl_signups { dialog --title $"Allow new turtl signups" \ --backtitle $"Freedombone Control Panel" \ --defaultno \ - --yesno $"\nAllow registration of new users?" 10 60 + --yesno $"\\nAllow registration of new users?" 10 60 sel=$? case $sel in 0) 
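Review bot: change_password_turtl and remove_user_turtl are reduced to `echo -n ''` with the parameter assignments left as commented-out lines, which reads as dead code rather than a deliberate no-op. If these hooks are meant to be empty, `:` is the usual shell no-op, and a comment such as `# no-op: password changes are not propagated to turtl` should state it; the commented-out assignments can then be deleted. If turtl accounts are supposed to follow the system account, a password change or user removal made through the control panel currently leaves the turtl credentials untouched, and the comment should say that too. add_user_turtl still prints `0` while the other two print nothing, so the comment should also state what callers read from stdout.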
@@ -146,15 +148,14 @@ function configure_interactive_turtl_signups { } function configure_interactive_turtl_storage { - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --title $"Change storage limit" \ --backtitle $"Freedombone Control Panel" \ - --inputbox $"Enter a storage limit in megabytes." 8 75 "$TURTL_STORAGE_LIMIT_MB" 2>$data + --inputbox $"Enter a storage limit in megabytes." 8 75 "$TURTL_STORAGE_LIMIT_MB" 2>"$data" sel=$? case $sel in 0) - STORAGE=$(<$data) + STORAGE=$(<"$data") if [ ${#STORAGE} -gt 0 ]; then TURTL_STORAGE_LIMIT_MB=$STORAGE sed -i "s|defparameter *default-storage-limit*.*|defparameter *default-storage-limit* ${TURTL_STORAGE_LIMIT_MB})|g" $TURTL_BASE_DIR/api/config/config.lisp @@ -164,27 +165,31 @@ function configure_interactive_turtl_storage { fi ;; esac + rm -f "$data" } function configure_interactive_turtl { - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --backtitle $"Freedombone Control Panel" \ --title $"turtl app settings" \ --radiolist $"Choose an operation:" 12 70 3 \ 1 $"Enable/disable new user registrations" off \ 2 $"Change storage limit" off \ - 3 $"Exit" on 2> $data + 3 $"Exit" on 2> "$data" sel=$? case $sel in - 1) exit 1;; - 255) exit 1;; + 1) rm -f "$data" + exit 1;; + 255) rm -f "$data" + exit 1;; esac - case $(cat $data) in + case $(cat "$data") in 1) configure_interactive_turtl_signups;; 2) configure_interactive_turtl_storage;; - 3) return;; + 3) rm -f "$data" + return;; esac + rm -f "$data" } function reconfigure_turtl { @@ -255,7 +260,7 @@ function restore_local_turtl { else cp -r ${temp_restore_dir}/* /etc/turtl/ fi - + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then set_user_permissions backup_unmount_drive @@ -273,6 +278,7 @@ function restore_local_turtl { cp -r ${temp_restore_dir}/* /var/lib/rethinkdb/ fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then set_user_permissions backup_unmount_drive 
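Review bot: In configure_interactive_turtl_storage the value read back from the dialog is only checked for being non-empty before it is interpolated into the `sed -i "s|…|… ${TURTL_STORAGE_LIMIT_MB})|g"` expression that rewrites config.lisp. A value containing `|`, `&` or a parenthesis changes the sed expression or the Lisp form written into that file, so the input should be restricted to digits. Replace `if [ ${#STORAGE} -gt 0 ]; then` with `if [[ "$STORAGE" =~ ^[0-9]+$ ]]; then`. The end of the function is in the next hunk.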
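Review bot: `data=$(mktemp 2>/dev/null)` in configure_interactive_turtl is used without checking that mktemp succeeded, and its error message is discarded. On failure `$data` is empty, the `2> "$data"` redirection fails, dialog never runs and the function leaves through the `exit 1` branch with no message; `data=$(mktemp) || exit 1` fails early and keeps the diagnostic. With the `trap` line removed, a signal during the dialog now leaves the temp file behind, since the explicit `rm -f "$data"` calls cover only the normal paths. The same pattern is in configure_interactive_turtl_storage, install_interactive_vpn, vpn_change_tls_port, vpn_regenerate_client_keys and configure_interactive_vpn.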
@@ -318,6 +324,7 @@ function restore_remote_turtl { cp -r ${temp_restore_dir}/* /etc/turtl/ fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then if [ -d /etc/turtl_previous ]; then mv /etc/turtl_previous $TURTL_BASE_DIR @@ -338,6 +345,7 @@ function restore_remote_turtl { cp -r ${temp_restore_dir}/* /var/lib/rethinkdb/ fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then set_user_permissions exit 26783 @@ -358,7 +366,7 @@ function remove_turtl { remove_rethinkdb remove_app turtl remove_completion_param install_turtl - sed -i '/turtl/d' $COMPLETION_FILE + sed -i '/turtl/d' "$COMPLETION_FILE" nginx_dissite $TURTL_DOMAIN_NAME if [ -f /etc/nginx/sites-available/$TURTL_DOMAIN_NAME ]; then rm /etc/nginx/sites-available/$TURTL_DOMAIN_NAME 
@@ -444,18 +452,18 @@ __ENDCONFIG__ exit 6238234 fi - echo '[Unit]' > /etc/systemd/system/turtl.service - echo 'Description=Note taking service' >> /etc/systemd/system/turtl.service - echo 'Documentation=http://turtl.it' >> /etc/systemd/system/turtl.service - echo 'Requires=network.target' >> /etc/systemd/system/turtl.service - echo 'Requires=rethinkdb.service' >> /etc/systemd/system/turtl.service - echo 'After=network.target' >> /etc/systemd/system/turtl.service - echo 'After=rethinkdb.service' >> /etc/systemd/system/turtl.service - echo '' >> /etc/systemd/system/turtl.service - echo '[Service]' >> /etc/systemd/system/turtl.service - echo 'Type=simple' >> /etc/systemd/system/turtl.service - echo 'User=turtl' >> /etc/systemd/system/turtl.service - echo "WorkingDirectory=$TURTL_BASE_DIR/api/" >> /etc/systemd/system/turtl.service + { echo '[Unit]'; + echo 'Description=Note taking service'; + echo 'Documentation=http://turtl.it'; + echo 'Requires=network.target'; + echo 'Requires=rethinkdb.service'; + echo 'After=network.target'; + echo 'After=rethinkdb.service'; + echo ''; + echo '[Service]'; + echo 'Type=simple'; + echo 'User=turtl'; + echo "WorkingDirectory=$TURTL_BASE_DIR/api/"; } > /etc/systemd/system/turtl.service if [[ "$check_architecture" == *"64"* && "$check_architecture" != *"arm"* ]]; then echo "ExecStart=$TURTL_BASE_DIR/ccl/lx86cl64 -l $TURTL_BASE_DIR/quicklisp/setup.lisp -l launch.lisp" >> /etc/systemd/system/turtl.service @@ -466,9 +474,9 @@ __ENDCONFIG__ echo "ExecStart=$TURTL_BASE_DIR/ccl/armcl -l $TURTL_BASE_DIR/quicklisp/setup.lisp -l launch.lisp" >> /etc/systemd/system/turtl.service fi fi - echo '' >> /etc/systemd/system/turtl.service - echo '[Install]' >> /etc/systemd/system/turtl.service - echo 'WantedBy=multi-user.target' >> /etc/systemd/system/turtl.service + { echo ''; + echo '[Install]'; + echo 'WantedBy=multi-user.target'; } >> /etc/systemd/system/turtl.service chmod +x /etc/systemd/system/turtl.service chown -R turtl:turtl $TURTL_BASE_DIR 
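Review bot: `chmod +x /etc/systemd/system/turtl.service` after the unit is written marks a configuration file executable; systemd does not need that and logs a warning for unit files with the executable bit set. `chmod 644 /etc/systemd/system/turtl.service` is the conventional mode. The unit is also assembled by three separate redirections around the architecture check, so a failure in between leaves a truncated unit in place. Writing it to a temporary file and moving it into place once would avoid that.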
@@ -484,7 +492,7 @@ function install_turtl_api { if [ ! -d $TURTL_BASE_DIR ]; then mkdir -p $TURTL_BASE_DIR fi - cd $TURTL_BASE_DIR + cd "$TURTL_BASE_DIR" || exit 745726542 mkdir cd $TURTL_BASE_DIR/data check_architecture=$(uname -a) @@ -600,21 +608,21 @@ __ENDCONFIG__ chown -R rethinkdb:rethinkdb /var/lib/rethinkdb # install turtl API - cd $TURTL_BASE_DIR/ + cd "$TURTL_BASE_DIR/" || exit 6428462 if [ -d /repos/turtl ]; then mkdir $TURTL_BASE_DIR/api cp -r -p /repos/turtl/. $TURTL_BASE_DIR/api - cd $TURTL_BASE_DIR/api + cd "$TURTL_BASE_DIR/api" || exit 57141845 git pull else git clone $TURTL_REPO $TURTL_BASE_DIR/api fi - cd $TURTL_BASE_DIR/api + cd "$TURTL_BASE_DIR/api" || exit 35814614 git checkout $TURTL_COMMIT -b $TURTL_COMMIT set_completion_param "turtl commit" "$TURTL_COMMIT" - cd $TURTL_BASE_DIR/quicklisp/local-projects + cd "$TURTL_BASE_DIR/quicklisp/local-projects" || exit 43618941415 git clone git://github.com/orthecreedence/cl-hash-util if [[ "$check_architecture" != *"arm"* ]]; then if [[ "$check_architecture" == *"64"* ]]; then 
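Review bot: The new guard `cd "$TURTL_BASE_DIR" || exit 745726542` uses a value far outside the 0–255 range an exit status can carry, so the caller only sees the low 8 bits and cannot tell these sites apart. The same holds for `exit 6428462`, `exit 57141845`, `exit 35814614` and `exit 43618941415` in the next hunk, and for `exit 4728468246` in create_user_vpn_key. Say what failed on stderr and exit with a small code instead, e.g. `cd "$TURTL_BASE_DIR" || { echo "cannot cd to $TURTL_BASE_DIR" >&2; exit 1; }`. install_turtl_api continues outside the hunk.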
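Review bot: `git clone git://github.com/orthecreedence/cl-hash-util` fetches a dependency over the unauthenticated git:// protocol and takes whatever the default branch holds at install time, whereas the turtl API a few lines above is pinned with `git checkout $TURTL_COMMIT`. The clone lands in `quicklisp/local-projects`, so it is presumably loaded by the service, and it should get the same treatment: clone from `https://github.com/orthecreedence/cl-hash-util` and check out a commit hash recorded next to the other pinned commits. The architecture branches that follow are outside the hunk.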
@@ -657,54 +665,54 @@ function install_turtl_nginx { if [[ $ONION_ONLY == "no" ]]; then function_check nginx_http_redirect nginx_http_redirect $TURTL_DOMAIN_NAME - echo 'server {' >> $turtl_nginx_site - echo ' listen 443 ssl;' >> $turtl_nginx_site - echo ' #listen [::]:443 ssl;' >> $turtl_nginx_site - echo " server_name ${TURTL_DOMAIN_NAME};" >> $turtl_nginx_site - echo '' >> $turtl_nginx_site - echo ' # Security' >> $turtl_nginx_site + { echo 'server {'; + echo ' listen 443 ssl;'; + echo ' #listen [::]:443 ssl;'; + echo " server_name ${TURTL_DOMAIN_NAME};"; + echo ''; + echo ' # Security'; } >> "$turtl_nginx_site" function_check nginx_ssl nginx_ssl $TURTL_DOMAIN_NAME function_check nginx_disable_sniffing nginx_disable_sniffing $TURTL_DOMAIN_NAME - echo ' add_header Strict-Transport-Security max-age=15768000;' >> $turtl_nginx_site - echo '' >> $turtl_nginx_site - echo ' # Logs' >> $turtl_nginx_site - echo ' access_log /dev/null;' >> $turtl_nginx_site - echo ' error_log /dev/null;' >> $turtl_nginx_site - echo '' >> $turtl_nginx_site - echo ' location / {' >> $turtl_nginx_site + { echo ' add_header Strict-Transport-Security max-age=15768000;'; + echo ''; + echo ' # Logs'; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo ' location / {'; } >> "$turtl_nginx_site" function_check nginx_limits nginx_limits $TURTL_DOMAIN_NAME '15m' - echo " proxy_pass http://localhost:${TURTL_PORT}/;" >> $turtl_nginx_site - echo ' proxy_set_header Host $host;' >> $turtl_nginx_site - echo ' proxy_buffering off;' >> $turtl_nginx_site - echo ' }' >> $turtl_nginx_site - echo '}' >> $turtl_nginx_site + { echo " proxy_pass http://localhost:${TURTL_PORT}/;"; + echo " proxy_set_header Host \$host;"; + echo ' proxy_buffering off;'; + echo ' }'; + echo '}'; } >> "$turtl_nginx_site" else echo -n '' > $turtl_nginx_site fi - echo 'server {' >> $turtl_nginx_site - echo " listen 127.0.0.1:${TURTL_ONION_PORT};" >> $turtl_nginx_site - echo " server_name 
${TURTL_ONION_HOSTNAME};" >> $turtl_nginx_site - echo '' >> $turtl_nginx_site + { echo 'server {'; + echo " listen 127.0.0.1:${TURTL_ONION_PORT};"; + echo " server_name ${TURTL_ONION_HOSTNAME};"; + echo ''; } >> $turtl_nginx_site function_check nginx_disable_sniffing nginx_disable_sniffing $TURTL_DOMAIN_NAME - echo '' >> $turtl_nginx_site - echo ' # Logs' >> $turtl_nginx_site - echo ' access_log /dev/null;' >> $turtl_nginx_site - echo ' error_log /dev/null;' >> $turtl_nginx_site - echo '' >> $turtl_nginx_site - echo ' location / {' >> $turtl_nginx_site + { echo ''; + echo ' # Logs'; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo ' location / {'; } >> $turtl_nginx_site function_check nginx_limits nginx_limits $TURTL_DOMAIN_NAME '15m' - echo " proxy_pass http://localhost:${TURTL_PORT}/;" >> $turtl_nginx_site - echo ' proxy_set_header Host $host;' >> $turtl_nginx_site - echo ' proxy_buffering off;' >> $turtl_nginx_site - echo ' }' >> $turtl_nginx_site - echo '}' >> $turtl_nginx_site + { echo " proxy_pass http://localhost:${TURTL_PORT}/;"; + echo " proxy_set_header Host \$host;"; + echo ' proxy_buffering off;'; + echo ' }'; + echo '}'; } >> $turtl_nginx_site function_check add_ddns_domain add_ddns_domain $TURTL_DOMAIN_NAME diff --git a/src/freedombone-app-vim b/src/freedombone-app-vim index 6f5958e6b..8af2aa8c8 100755 --- a/src/freedombone-app-vim +++ b/src/freedombone-app-vim 
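Review bot: The clearnet server block now appends to `"$turtl_nginx_site"`, but the three onion groups and `echo -n '' > $turtl_nginx_site` in the same function still redirect to the unquoted variable; quote them the same way so the function is consistent and shellcheck-clean. Both server blocks set `access_log /dev/null;` and `error_log /dev/null;`, which leaves no nginx record for troubleshooting or incident review. If that is a deliberate privacy choice, a short comment above the `# Logs` lines should say so. install_turtl_nginx starts above the hunk.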
@@ -62,27 +62,27 @@ function backup_local_vim { echo $"Backing up Vim config for $USERNAME" # create a temporary directory - if [ ! -d /home/$USERNAME/$VIM_TEMP_DIR ]; then - mkdir /home/$USERNAME/$VIM_TEMP_DIR + if [ ! -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then + mkdir "/home/$USERNAME/$VIM_TEMP_DIR" fi # copy config files into the directory - if [ -f /home/$USERNAME/.vimrc ]; then - cp /home/$USERNAME/.vimrc /home/$USERNAME/$VIM_TEMP_DIR - chown -R $USERNAME:$USERNAME /home/$USERNAME/$VIM_TEMP_DIR + if [ -f "/home/$USERNAME/.vimrc" ]; then + cp "/home/$USERNAME/.vimrc" "/home/$USERNAME/$VIM_TEMP_DIR" + chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/$VIM_TEMP_DIR" fi - if [ -f /home/$USERNAME/.viminfo ]; then - cp /home/$USERNAME/.viminfo /home/$USERNAME/$VIM_TEMP_DIR - chown -R $USERNAME:$USERNAME /home/$USERNAME/$VIM_TEMP_DIR + if [ -f "/home/$USERNAME/.viminfo" ]; then + cp "/home/$USERNAME/.viminfo" "/home/$USERNAME/$VIM_TEMP_DIR" + chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/$VIM_TEMP_DIR" fi # backup the directory function_check backup_directory_to_usb - backup_directory_to_usb /home/$USERNAME/$VIM_TEMP_DIR vim/$USERNAME + backup_directory_to_usb "/home/$USERNAME/$VIM_TEMP_DIR" "vim/$USERNAME" # remove temporary directory - if [ -d /home/$USERNAME/$VIM_TEMP_DIR ]; then - rm -rf /home/$USERNAME/$VIM_TEMP_DIR + if [ -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then + rm -rf "/home/${USERNAME:?}/$VIM_TEMP_DIR" fi fi done 
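Review bot: `rm -rf "/home/${USERNAME:?}/$VIM_TEMP_DIR"` guards against an empty USERNAME but not an empty VIM_TEMP_DIR. In that case the `-d` test still succeeds, the path collapses to the user's home directory and the recursive delete removes it. Guard both parts: `rm -rf "/home/${USERNAME:?}/${VIM_TEMP_DIR:?}"`. The same line appears in restore_local_vim, backup_remote_vim and restore_remote_vim. The loop that sets USERNAME starts above the hunk.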
@@ -90,24 +90,25 @@ function backup_local_vim { function restore_local_vim { temp_restore_dir=/root/tempvim - if [ -d $USB_MOUNT/backup/vim ]; then + if [ -d "$USB_MOUNT/backup/vim" ]; then for d in $USB_MOUNT/backup/vim/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - if [ ! -d /home/$USERNAME ]; then - ${PROJECT_NAME}-adduser $USERNAME + if [ ! -d "/home/$USERNAME" ]; then + "${PROJECT_NAME}-adduser" "$USERNAME" fi echo $"Restoring Vim config for $USERNAME" function_check restore_directory_from_usb - restore_directory_from_usb $temp_restore_dir vim/$USERNAME - if [ -d $temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR ]; then - cp -r $temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR /home/$USERNAME/ + restore_directory_from_usb "$temp_restore_dir" "vim/$USERNAME" + if [ -d "$temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR" ]; then + cp -r "$temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR" "/home/$USERNAME/" else - if [ ! -d /home/$USERNAME/$VIM_TEMP_DIR ]; then - mkdir /home/$USERNAME/$VIM_TEMP_DIR + if [ ! -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then + mkdir "/home/$USERNAME/$VIM_TEMP_DIR" fi - cp -r $temp_restore_dir/* /home/$USERNAME/$VIM_TEMP_DIR/ + cp -r "$temp_restore_dir/*" "/home/$USERNAME/$VIM_TEMP_DIR/" fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then rm -rf $temp_restore_dir function_check set_user_permissions 
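Review bot: `cp -r "$temp_restore_dir/*" "/home/$USERNAME/$VIM_TEMP_DIR/"` now has the `*` inside the quotes, so the shell passes a literal `*`, cp fails with no such file, and the `$?` check that follows aborts the restore. Keep the variable quoted and the glob outside the quotes: `cp -r "$temp_restore_dir"/* "/home/$USERNAME/$VIM_TEMP_DIR/"`. The same quoting was applied to `cp "/home/$USERNAME/$VIM_TEMP_DIR/*" "/home/$USERNAME"` in the next hunk and in restore_remote_vim. It was also applied to `rm "/home/$USERNAME/stunnel*"` in remove_vpn, where the users' stunnel certificate and key files are no longer deleted when the app is removed. restore_local_vim continues in the next hunk.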
@@ -116,14 +117,14 @@ function restore_local_vim { backup_unmount_drive exit 664 fi - cp /home/$USERNAME/$VIM_TEMP_DIR/* /home/$USERNAME - if [ -f /home/$USERNAME/.viminfo ]; then - chown $USERNAME:$USERNAME /home/$USERNAME/.viminfo + cp "/home/$USERNAME/$VIM_TEMP_DIR/*" "/home/$USERNAME" + if [ -f "/home/$USERNAME/.viminfo" ]; then + chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.viminfo" fi - if [ -f /home/$USERNAME/.vimrc ]; then - chown $USERNAME:$USERNAME /home/$USERNAME/.vimrc + if [ -f "/home/$USERNAME/.vimrc" ]; then + chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.vimrc" fi - rm -rf /home/$USERNAME/$VIM_TEMP_DIR + rm -rf "/home/${USERNAME:?}/$VIM_TEMP_DIR" rm -rf $temp_restore_dir fi done 
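Review bot: `cp "/home/$USERNAME/$VIM_TEMP_DIR/*" "/home/$USERNAME"` is meant to put `.vimrc` and `.viminfo` back, but even with the glob unquoted `*` does not match dot-files unless `dotglob` is set, which is not visible here. The two files that backup_local_vim stored would therefore be skipped. Copying the directory contents with the `/.` form the project already uses for `/repos/turtl/.` covers them: `cp -r "/home/$USERNAME/$VIM_TEMP_DIR/." "/home/$USERNAME/"`. The same line is in restore_remote_vim.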
@@ -137,27 +138,27 @@ function backup_remote_vim { echo $"Backing up Vim config for $USERNAME" # create a temporary directory - if [ ! -d /home/$USERNAME/$VIM_TEMP_DIR ]; then - mkdir /home/$USERNAME/$VIM_TEMP_DIR + if [ ! -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then + mkdir "/home/$USERNAME/$VIM_TEMP_DIR" fi # copy config files into the directory - if [ -f /home/$USERNAME/.vimrc ]; then - cp /home/$USERNAME/.vimrc /home/$USERNAME/$VIM_TEMP_DIR - chown -R $USERNAME:$USERNAME /home/$USERNAME/$VIM_TEMP_DIR + if [ -f "/home/$USERNAME/.vimrc" ]; then + cp "/home/$USERNAME/.vimrc" "/home/$USERNAME/$VIM_TEMP_DIR" + chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/$VIM_TEMP_DIR" fi - if [ -f /home/$USERNAME/.viminfo ]; then - cp /home/$USERNAME/.viminfo /home/$USERNAME/$VIM_TEMP_DIR - chown -R $USERNAME:$USERNAME /home/$USERNAME/$VIM_TEMP_DIR + if [ -f "/home/$USERNAME/.viminfo" ]; then + cp "/home/$USERNAME/.viminfo" "/home/$USERNAME/$VIM_TEMP_DIR" + chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/$VIM_TEMP_DIR" fi # backup the directory function_check backup_directory_to_friend - backup_directory_to_friend /home/$USERNAME/$VIM_TEMP_DIR vim/$USERNAME + backup_directory_to_friend "/home/$USERNAME/$VIM_TEMP_DIR" "vim/$USERNAME" # remove temporary directory - if [ -d /home/$USERNAME/$VIM_TEMP_DIR ]; then - rm -rf /home/$USERNAME/$VIM_TEMP_DIR + if [ -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then + rm -rf "/home/${USERNAME:?}/$VIM_TEMP_DIR" fi fi done 
@@ -165,24 +166,25 @@ function backup_remote_vim { function restore_remote_vim { temp_restore_dir=/root/tempvim - if [ -d $USB_MOUNT/backup/vim ]; then + if [ -d "$USB_MOUNT/backup/vim" ]; then for d in $USB_MOUNT/backup/vim/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $6}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - if [ ! -d /home/$USERNAME ]; then - ${PROJECT_NAME}-adduser $USERNAME + if [ ! -d "/home/$USERNAME" ]; then + "${PROJECT_NAME}-adduser" "$USERNAME" fi echo $"Restoring Vim config for $USERNAME" function_check restore_directory_from_friend - restore_directory_from_friend $temp_restore_dir vim/$USERNAME - if [ -d $temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR ]; then - cp -r $temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR /home/$USERNAME/ + restore_directory_from_friend "$temp_restore_dir vim/$USERNAME" + if [ -d "$temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR" ]; then + cp -r "$temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR" "/home/$USERNAME/" else - if [ ! -d /home/$USERNAME/$VIM_TEMP_DIR ]; then - mkdir /home/$USERNAME/$VIM_TEMP_DIR + if [ ! -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then + mkdir "/home/$USERNAME/$VIM_TEMP_DIR" fi - cp -r $temp_restore_dir/* /home/$USERNAME/$VIM_TEMP_DIR/ + cp -r "$temp_restore_dir/*" "/home/$USERNAME/$VIM_TEMP_DIR/" fi + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then rm -rf $temp_restore_dir function_check set_user_permissions 
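Review bot: `restore_directory_from_friend "$temp_restore_dir vim/$USERNAME"` wraps both arguments in one pair of quotes, so the function receives a single argument containing a space instead of the restore directory and the backup path. restore_local_vim in this commit quotes them separately, and this call should match: `restore_directory_from_friend "$temp_restore_dir" "vim/$USERNAME"`. USERNAME is also taken from field 6 of the path under `$USB_MOUNT/backup/vim/`, which only lines up for one particular depth of USB_MOUNT; `USERNAME=$(basename "$d")` does not depend on that. restore_remote_vim continues in the next hunk.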
@@ -191,14 +193,14 @@ function restore_remote_vim { backup_unmount_drive exit 664 fi - cp /home/$USERNAME/$VIM_TEMP_DIR/* /home/$USERNAME - if [ -f /home/$USERNAME/.viminfo ]; then - chown $USERNAME:$USERNAME /home/$USERNAME/.viminfo + cp "/home/$USERNAME/$VIM_TEMP_DIR/*" "/home/$USERNAME" + if [ -f "/home/$USERNAME/.viminfo" ]; then + chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.viminfo" fi - if [ -f /home/$USERNAME/.vimrc ]; then - chown $USERNAME:$USERNAME /home/$USERNAME/.vimrc + if [ -f "/home/$USERNAME/.vimrc" ]; then + chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.vimrc" fi - rm -rf /home/$USERNAME/$VIM_TEMP_DIR + rm -rf "/home/${USERNAME:?}/$VIM_TEMP_DIR" rm -rf $temp_restore_dir fi done @@ -210,7 +212,7 @@ function remove_vim { # This may change with Debian Stretch # apt-get -yq remove --purge vim update-alternatives --set editor /usr/bin/nano - sed -i '/install_vim/d' $COMPLETION_FILE + sed -i '/install_vim/d' "$COMPLETION_FILE" # remove Vim as the mutt email editor if [ -f /etc/Muttrc ]; then @@ -220,9 +222,9 @@ function remove_vim { for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - if [ -f /home/$USERNAME/.muttrc ]; then - if grep -q "set editor=" /home/$USERNAME/.muttrc; then - sed -i '/set editor=/d' /home/$USERNAME/.muttrc + if [ -f "/home/$USERNAME/.muttrc" ]; then + if grep -q "set editor=" "/home/$USERNAME/.muttrc"; then + sed -i '/set editor=/d' "/home/$USERNAME/.muttrc" fi fi fi 
@@ -244,11 +246,11 @@ function install_vim { for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - if [ -f /home/$USERNAME/.muttrc ]; then - if ! grep -q "set editor=" /home/$USERNAME/.muttrc; then - echo "set editor=\"$VIM_MUTT_EDITOR\"" >> /home/$USERNAME/.muttrc + if [ -f "/home/$USERNAME/.muttrc" ]; then + if ! grep -q "set editor=" "/home/$USERNAME/.muttrc"; then + echo "set editor=\"$VIM_MUTT_EDITOR\"" >> "/home/$USERNAME/.muttrc" else - sed -i "s|set editor=.*|set editor=\"$VIM_MUTT_EDITOR\"|g" /home/$USERNAME/.muttrc + sed -i "s|set editor=.*|set editor=\"$VIM_MUTT_EDITOR\"|g" "/home/$USERNAME/.muttrc" fi fi fi diff --git a/src/freedombone-app-vpn b/src/freedombone-app-vpn index 1aa183f5c..df241b025 100755 --- a/src/freedombone-app-vpn +++ b/src/freedombone-app-vpn @@ -82,23 +82,24 @@ function install_interactive_vpn { VPN_DETAILS_COMPLETE= while [ ! $VPN_DETAILS_COMPLETE ] do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) currtlsport=$(grep 'VPN_TLS_PORT' temp.cfg | awk -F '=' '{print $2}') - if [ $currtlsport ]; then + if [ "$currtlsport" ]; then VPN_TLS_PORT=$currtlsport fi dialog --backtitle $"Freedombone Configuration" \ --title $"VPN Configuration" \ - --form $"\nPlease enter your VPN details. Changing the port to 443 will help defend against censorship but will prevent other web apps from running." 12 65 1 \ + --form $"\\nPlease enter your VPN details. Changing the port to 443 will help defend against censorship but will prevent other web apps from running." 12 65 1 \ $"TLS port:" 1 1 "$VPN_TLS_PORT" 1 12 5 5 \ - 2> $data + 2> "$data" sel=$? case $sel in - 1) exit 1;; - 255) exit 1;; + 1) rm -f "$data" + exit 1;; + 255) rm -f "$data" + exit 1;; esac - tlsport=$(cat $data | sed -n 1p) + tlsport=$(sed -n 1p < "$data") if [ ${#tlsport} -gt 1 ]; then if [[ "$tlsport" != *' '* && "$tlsport" != *'.'* ]]; then VPN_TLS_PORT="$tlsport" 
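Review bot: The TLS port typed into the form in install_interactive_vpn is accepted if it is longer than one character and contains no space or dot, so values such as `abc` or `99999` end up in VPN_TLS_PORT; the next hunk then stores it with write_config_param. Other functions in this file compare the variable with `-eq 443` and pass it to firewall_add, both of which expect a number. Validate it as a port before accepting it, e.g. `if [[ "$tlsport" =~ ^[1-9][0-9]{0,4}$ ]] && (( tlsport <= 65535 )); then`. vpn_change_tls_port reads a port the same way and, in the visible lines, only checks that it is non-empty.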
@@ -106,27 +107,27 @@ function install_interactive_vpn { write_config_param "VPN_TLS_PORT" "$VPN_TLS_PORT" fi fi + rm -f "$data" done clear APP_INSTALLED=1 } function vpn_change_tls_port { - if ! grep -q "VPN-TLS" $FIREWALL_CONFIG; then + if ! grep -q "VPN-TLS" "$FIREWALL_CONFIG"; then EXISTING_VPN_TLS_PORT=443 else - EXISTING_VPN_TLS_PORT=$(cat $FIREWALL_CONFIG | grep "VPN-TLS" | awk -F '=' '{print $2}') + EXISTING_VPN_TLS_PORT=$(grep "VPN-TLS" "$FIREWALL_CONFIG" | awk -F '=' '{print $2}') fi - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --title $"VPN Configuration" \ --backtitle $"Freedombone Control Panel" \ - --inputbox $'Change TLS port' 10 50 $EXISTING_VPN_TLS_PORT 2>$data + --inputbox $'Change TLS port' 10 50 "$EXISTING_VPN_TLS_PORT" 2>"$data" sel=$? case $sel in 0) - tlsport=$(<$data) + tlsport=$(<"$data") if [ ${#tlsport} -gt 0 ]; then if [[ "$tlsport" != "$EXISTING_VPN_TLS_PORT" ]]; then clear 
@@ -137,22 +138,22 @@ function vpn_change_tls_port { for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [ -f /home/$USERNAME/stunnel-client.conf ]; then - cp /etc/stunnel/stunnel-client.conf /home/$USERNAME/stunnel-client.conf - chown $USERNAME:$USERNAME /home/$USERNAME/stunnel-client.conf + if [ -f "/home/$USERNAME/stunnel-client.conf" ]; then + cp "/etc/stunnel/stunnel-client.conf" "/home/$USERNAME/stunnel-client.conf" + chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel-client.conf" fi done - if [ $VPN_TLS_PORT -eq 443 ]; then + if [ "$VPN_TLS_PORT" -eq 443 ]; then if [[ "$PREVIOUS_VPN_TLS_PORT" != "443" ]]; then - firewall_remove VPN-TLS ${EXISTING_VPN_TLS_PORT} + firewall_remove VPN-TLS "${EXISTING_VPN_TLS_PORT}" fi systemctl stop nginx systemctl disable nginx else if [[ "$PREVIOUS_VPN_TLS_PORT" != "$VPN_TLS_PORT" ]]; then - firewall_remove VPN-TLS ${EXISTING_VPN_TLS_PORT} - firewall_add VPN-TLS ${VPN_TLS_PORT} tcp + firewall_remove VPN-TLS "${EXISTING_VPN_TLS_PORT}" + firewall_add VPN-TLS "${VPN_TLS_PORT}" tcp fi systemctl enable nginx systemctl restart nginx @@ -160,7 +161,7 @@ function vpn_change_tls_port { systemctl restart stunnel - if [ $VPN_TLS_PORT -eq 443 ]; then + if [ "$VPN_TLS_PORT" -eq 443 ]; then dialog --title $"VPN Configuration" \ --msgbox $"TLS port changed to ${VPN_TLS_PORT}. Forward this port from your internet router." 10 60 else 
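Review bot: The loop in vpn_change_tls_port copies `/etc/stunnel/stunnel-client.conf` as root onto `/home/$USERNAME/stunnel-client.conf`, a path the user controls. `[ -f … ]`, `cp` and `chown` all follow symbolic links, so if that name is a link the write and the ownership change land on its target. Replace the destination instead of writing through it, e.g. `install -o "$USERNAME" -g "$USERNAME" -m 600 /etc/stunnel/stunnel-client.conf "/home/$USERNAME/stunnel-client.conf"`, which also sets owner and mode in one step. The loop also treats every directory under /home as a user, without the `is_valid_user` test that the vim functions apply.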
@@ -171,52 +172,56 @@ function vpn_change_tls_port { fi ;; esac + rm -f "$data" } function vpn_regenerate_client_keys { - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --title $"Regenerate VPN keys for a user" \ --backtitle $"Freedombone Control Panel" \ - --inputbox $'username' 10 50 2>$data + --inputbox $'username' 10 50 2>"$data" sel=$? case $sel in 0) - USERNAME=$(<$data) + USERNAME=$(<"$data") if [ ${#USERNAME} -gt 0 ]; then - if [ -d /home/$USERNAME ]; then + if [ -d "/home/$USERNAME" ]; then clear - create_user_vpn_key $USERNAME + create_user_vpn_key "$USERNAME" dialog --title $"Regenerate VPN keys for a user" \ --msgbox $"VPN keys were regenerated for $USERNAME" 6 60 fi fi ;; esac + rm -f "$data" } function configure_interactive_vpn { read_config_param VPN_TLS_PORT while true do - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 + data=$(mktemp 2>/dev/null) dialog --backtitle $"Freedombone Control Panel" \ --title $"VPN Configuration" \ --radiolist $"Choose an operation:" 13 70 3 \ 1 $"Change TLS port (currently $VPN_TLS_PORT)" off \ 2 $"Regenerate keys for a user" off \ - 3 $"Exit" on 2> $data + 3 $"Exit" on 2> "$data" sel=$? case $sel in - 1) return;; - 255) return;; + 1) rm -f "$data" + return;; + 255) rm -f "$data" + return;; esac - case $(cat $data) in + case $(cat "$data") in 1) vpn_change_tls_port;; 2) vpn_regenerate_client_keys;; - 3) break;; + 3) rm -f "$data" + break;; esac + rm -f "$data" done } @@ -231,8 +236,8 @@ function upgrade_vpn { function backup_local_vpn { for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [ -f /home/$USERNAME/$OPENVPN_KEY_FILENAME ]; then - cp /home/$USERNAME/$OPENVPN_KEY_FILENAME /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} + if [ -f "/home/$USERNAME/$OPENVPN_KEY_FILENAME" ]; then + cp "/home/$USERNAME/$OPENVPN_KEY_FILENAME" "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}" fi done 
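Review bot: vpn_regenerate_client_keys passes whatever was typed into the dialog to create_user_vpn_key after checking only `[ -d "/home/$USERNAME" ]`, a test that also succeeds for input containing `/` or `..`. create_user_vpn_key builds the `/etc/openvpn/easy-rsa/keys/$username.crt`, `.key` and `.csr` paths from that string and removes them, so the name should be confirmed as a real account first. The vim functions in this commit already use `[[ $(is_valid_user "$USERNAME") == "1" ]]`, and the same test fits here, assuming is_valid_user (defined elsewhere) rejects path characters.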
@@ -252,9 +257,9 @@ function restore_local_vpn { for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [ -f /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} ]; then - cp /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} /home/$USERNAME/$OPENVPN_KEY_FILENAME - chown $USERNAME:$USERNAME /home/$USERNAME/$OPENVPN_KEY_FILENAME + if [ -f "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}" ]; then + cp "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}" "/home/$USERNAME/$OPENVPN_KEY_FILENAME" + chown "$USERNAME":"$USERNAME" "/home/$USERNAME/$OPENVPN_KEY_FILENAME" fi done fi @@ -265,13 +270,13 @@ function restore_local_vpn { rm -rf ${temp_restore_dir} for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [ -f /home/$USERNAME/stunnel.pem ]; then - cp /etc/stunnel/stunnel.pem /home/$USERNAME/stunnel.pem - chown $USERNAME:$USERNAME /home/$USERNAME/stunnel.pem + if [ -f "/home/$USERNAME/stunnel.pem" ]; then + cp /etc/stunnel/stunnel.pem "/home/$USERNAME/stunnel.pem" + chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel.pem" fi - if [ -f /home/$USERNAME/stunnel.p12 ]; then - cp /etc/stunnel/stunnel.p12 /home/$USERNAME/stunnel.p12 - chown $USERNAME:$USERNAME /home/$USERNAME/stunnel.p12 + if [ -f "/home/$USERNAME/stunnel.p12" ]; then + cp /etc/stunnel/stunnel.p12 "/home/$USERNAME/stunnel.p12" + chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel.p12" fi done fi @@ -280,8 +285,8 @@ function restore_local_vpn { function backup_remote_vpn { for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [ -f /home/$USERNAME/$OPENVPN_KEY_FILENAME ]; then - cp /home/$USERNAME/$OPENVPN_KEY_FILENAME /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} + if [ -f "/home/$USERNAME/$OPENVPN_KEY_FILENAME" ]; then + cp "/home/$USERNAME/$OPENVPN_KEY_FILENAME" "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}" fi done 
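Review bot: In restore_local_vpn the per-user OpenVPN profile is copied into the home directory with `cp` and then only `chown`ed, so when the file does not already exist its mode comes from root's umask. The file embeds the user's private key and may end up readable by other local accounts. Set the mode explicitly with `chmod 600 "/home/$USERNAME/$OPENVPN_KEY_FILENAME"` after the copy, or copy with `install -m 600 -o "$USERNAME" -g "$USERNAME"`. The `stunnel.pem` and `stunnel.p12` copies in the next hunk keep whatever mode the existing file had and should be set the same way, and restore_remote_vpn repeats the sequence.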
@@ -301,9 +306,9 @@ function restore_remote_vpn { for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [ -f /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} ]; then - cp /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} /home/$USERNAME/$OPENVPN_KEY_FILENAME - chown $USERNAME:$USERNAME /home/$USERNAME/$OPENVPN_KEY_FILENAME + if [ -f "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}" ]; then + cp "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}" "/home/$USERNAME/$OPENVPN_KEY_FILENAME" + chown "$USERNAME":"$USERNAME" "/home/$USERNAME/$OPENVPN_KEY_FILENAME" fi done fi @@ -314,13 +319,13 @@ function restore_remote_vpn { rm -rf ${temp_restore_dir} for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [ -f /home/$USERNAME/stunnel.pem ]; then - cp /etc/stunnel/stunnel.pem /home/$USERNAME/stunnel.pem - chown $USERNAME:$USERNAME /home/$USERNAME/stunnel.pem + if [ -f "/home/$USERNAME/stunnel.pem" ]; then + cp /etc/stunnel/stunnel.pem "/home/$USERNAME/stunnel.pem" + chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel.pem" fi - if [ -f /home/$USERNAME/stunnel.p12 ]; then - cp /etc/stunnel/stunnel.p12 /home/$USERNAME/stunnel.p12 - chown $USERNAME:$USERNAME /home/$USERNAME/stunnel.p12 + if [ -f "/home/$USERNAME/stunnel.p12" ]; then + cp /etc/stunnel/stunnel.p12 "/home/$USERNAME/stunnel.p12" + chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel.p12" fi done fi @@ -332,8 +337,8 @@ function remove_vpn { rm /etc/systemd/system/stunnel.service systemctl stop openvpn - if [ $VPN_TLS_PORT -ne 443 ]; then - firewall_remove VPN-TLS $VPN_TLS_PORT + if [ "$VPN_TLS_PORT" -ne 443 ]; then + firewall_remove VPN-TLS "$VPN_TLS_PORT" else systemctl enable nginx systemctl restart nginx 
@@ -354,10 +359,10 @@ function remove_vpn { # remove any client keys for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [ -f /home/$USERNAME/$OPENVPN_KEY_FILENAME ]; then - shred -zu /home/$USERNAME/$OPENVPN_KEY_FILENAME + if [ -f "/home/$USERNAME/$OPENVPN_KEY_FILENAME" ]; then + shred -zu "/home/$USERNAME/$OPENVPN_KEY_FILENAME" fi - rm /home/$USERNAME/stunnel* + rm "/home/$USERNAME/stunnel*" done userdel -f vpn groupdel -f vpn 
@@ -370,107 +375,108 @@ function remove_vpn { function create_user_vpn_key { username=$1 - if [ ! -d /home/$username ]; then + if [ ! -d "/home/$username" ]; then return fi echo $"Creating VPN key for $username" - cd /etc/openvpn/easy-rsa + cd /etc/openvpn/easy-rsa || exit 4728468246 - if [ -f /etc/openvpn/easy-rsa/keys/$username.crt ]; then - rm /etc/openvpn/easy-rsa/keys/$username.crt + if [ -f "/etc/openvpn/easy-rsa/keys/$username.crt" ]; then + rm "/etc/openvpn/easy-rsa/keys/$username.crt" fi - if [ -f /etc/openvpn/easy-rsa/keys/$username.key ]; then - rm /etc/openvpn/easy-rsa/keys/$username.key + if [ -f "/etc/openvpn/easy-rsa/keys/$username.key" ]; then + rm "/etc/openvpn/easy-rsa/keys/$username.key" fi - if [ -f /etc/openvpn/easy-rsa/keys/$username.csr ]; then - rm /etc/openvpn/easy-rsa/keys/$username.csr + if [ -f "/etc/openvpn/easy-rsa/keys/$username.csr" ]; then + rm "/etc/openvpn/easy-rsa/keys/$username.csr" fi sed -i 's| --interact||g' build-key ./build-key "$username" - if [ ! -f /etc/openvpn/easy-rsa/keys/$username.crt ]; then + if [ ! -f "/etc/openvpn/easy-rsa/keys/$username.crt" ]; then echo $'VPN user cert not generated' exit 783528 fi - user_cert=$(cat /etc/openvpn/easy-rsa/keys/$username.crt) + user_cert=$(cat "/etc/openvpn/easy-rsa/keys/$username.crt") if [ ${#user_cert} -lt 10 ]; then - cat /etc/openvpn/easy-rsa/keys/$username.crt + cat "/etc/openvpn/easy-rsa/keys/$username.crt" echo $'User cert generation failed' exit 634659 fi - if [ ! -f /etc/openvpn/easy-rsa/keys/$username.key ]; then + if [ ! 
-f "/etc/openvpn/easy-rsa/keys/$username.key" ]; then echo $'VPN user key not generated' exit 682523 fi - user_key=$(cat /etc/openvpn/easy-rsa/keys/$username.key) + user_key=$(cat "/etc/openvpn/easy-rsa/keys/$username.key") if [ ${#user_key} -lt 10 ]; then - cat /etc/openvpn/easy-rsa/keys/$username.key + cat "/etc/openvpn/easy-rsa/keys/$username.key" echo $'User key generation failed' exit 285838 fi user_vpn_cert_file=/home/$username/$OPENVPN_KEY_FILENAME - echo 'client' > $user_vpn_cert_file - echo 'dev tun' >> $user_vpn_cert_file - echo 'proto tcp' >> $user_vpn_cert_file - echo "remote localhost $STUNNEL_PORT" >> $user_vpn_cert_file - echo "route $DEFAULT_DOMAIN_NAME 255.255.255.255 net_gateway" >> $user_vpn_cert_file - echo 'resolv-retry infinite' >> $user_vpn_cert_file - echo 'nobind' >> $user_vpn_cert_file - echo 'tun-mtu 1500' >> $user_vpn_cert_file - echo 'tun-mtu-extra 32' >> $user_vpn_cert_file - echo 'mssfix 1450' >> $user_vpn_cert_file - echo 'persist-key' >> $user_vpn_cert_file - echo 'persist-tun' >> $user_vpn_cert_file - echo 'auth-nocache' >> $user_vpn_cert_file - echo 'remote-cert-tls server' >> $user_vpn_cert_file - echo 'comp-lzo' >> $user_vpn_cert_file - echo 'verb 3' >> $user_vpn_cert_file - echo '' >> $user_vpn_cert_file - - echo '<ca>' >> $user_vpn_cert_file - cat /etc/openvpn/ca.crt >> $user_vpn_cert_file - echo '</ca>' >> $user_vpn_cert_file - - echo '<cert>' >> $user_vpn_cert_file - cat /etc/openvpn/easy-rsa/keys/$username.crt >> $user_vpn_cert_file - echo '</cert>' >> $user_vpn_cert_file - - echo '<key>' >> $user_vpn_cert_file - cat /etc/openvpn/easy-rsa/keys/$username.key >> $user_vpn_cert_file - echo '</key>' >> $user_vpn_cert_file - - chown $username:$username $user_vpn_cert_file + { echo 'client'; + echo 'dev tun'; + echo 'proto tcp'; + echo "remote localhost $STUNNEL_PORT"; + echo "route $DEFAULT_DOMAIN_NAME 255.255.255.255 net_gateway"; + echo 'resolv-retry infinite'; + echo 'nobind'; + echo 'tun-mtu 1500'; + echo 'tun-mtu-extra 32'; 
+ echo 'mssfix 1450'; + echo 'persist-key'; + echo 'persist-tun'; + echo 'auth-nocache'; + echo 'remote-cert-tls server'; + echo 'comp-lzo'; + echo 'verb 3'; + echo ''; } > "$user_vpn_cert_file" + + { + echo '<ca>'; + cat /etc/openvpn/ca.crt; + echo '</ca>'; + + echo '<cert>'; + cat "/etc/openvpn/easy-rsa/keys/$username.crt;" + echo '</cert>'; + + echo '<key>'; + cat "/etc/openvpn/easy-rsa/keys/$username.key;" + echo '</key>'; } >> "$user_vpn_cert_file" + + chown "$username":"$username" "$user_vpn_cert_file" # keep a backup - cp $user_vpn_cert_file /etc/openvpn/easy-rsa/keys/$username.ovpn + cp "$user_vpn_cert_file" "/etc/openvpn/easy-rsa/keys/$username.ovpn" #rm /etc/openvpn/easy-rsa/keys/$username.crt #rm /etc/openvpn/easy-rsa/keys/$username.csr - shred -zu /etc/openvpn/easy-rsa/keys/$username.key + shred -zu "/etc/openvpn/easy-rsa/keys/$username.key" echo $"VPN key created at $user_vpn_cert_file" } function add_user_vpn { new_username="$1" - new_user_password="$2" +# new_user_password="$2" - create_user_vpn_key $new_username + create_user_vpn_key "$new_username" if [ -f /etc/stunnel/stunnel.pem ]; then - cp /etc/stunnel/stunnel.pem /home/$new_username/stunnel.pem - chown $new_username:$new_username /home/$new_username/stunnel.pem + cp /etc/stunnel/stunnel.pem "/home/$new_username/stunnel.pem" + chown "$new_username":"$new_username" "/home/$new_username/stunnel.pem" fi if [ -f /etc/stunnel/stunnel.p12 ]; then - cp /etc/stunnel/stunnel.p12 /home/$new_username/stunnel.p12 - chown $new_username:$new_username /home/$new_username/stunnel.p12 + cp /etc/stunnel/stunnel.p12 "/home/$new_username/stunnel.p12" + chown "$new_username":"$new_username" "/home/$new_username/stunnel.p12" fi - cp /etc/stunnel/stunnel-client.conf /home/$new_username/stunnel-client.conf - chown $new_username:$new_username /home/$new_username/stunnel-client.conf + cp /etc/stunnel/stunnel-client.conf "/home/$new_username/stunnel-client.conf" + chown "$new_username":"$new_username" 
"/home/$new_username/stunnel-client.conf" } function remove_user_vpn { @@ -516,15 +522,16 @@ function generate_stunnel_keys { fi chmod 640 /etc/stunnel/stunnel.p12 - cp /etc/stunnel/stunnel.pem /home/$MY_USERNAME/stunnel.pem - cp /etc/stunnel/stunnel.p12 /home/$MY_USERNAME/stunnel.p12 - chown $MY_USERNAME:$MY_USERNAME $prefix$userhome/stunnel* + cp /etc/stunnel/stunnel.pem "/home/$MY_USERNAME/stunnel.pem" + cp /etc/stunnel/stunnel.p12 "/home/$MY_USERNAME/stunnel.p12" + chown "$MY_USERNAME":"$MY_USERNAME" "$prefix/home/$MY_USERNAME/stunnel*" } function install_stunnel { prefix= prefixchroot= - if [ $rootdir ]; then + # shellcheck disable=SC2154 + if [ "$rootdir" ]; then prefix=$rootdir prefixchroot="chroot $rootdir" VPN_TLS_PORT=$VPN_MESH_TLS_PORT 
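Review bot: In create_user_vpn_key, the new lines `cat "/etc/openvpn/easy-rsa/keys/$username.crt;"` and `cat "/etc/openvpn/easy-rsa/keys/$username.key;"` have the statement terminator inside the closing quote, so cat is asked for files whose names end in `;` and the `<cert>` and `<key>` sections of the generated profile come out empty. The status of those cat calls is not checked inside the group, and unless the script runs under `set -e` (not visible here) the function goes on to `shred -zu` the real key, destroying the only copy while still printing "VPN key created". Move the semicolon outside the quotes: `cat "/etc/openvpn/easy-rsa/keys/$username.crt";` and likewise for the `.key` line. Because the profile embeds the private key and is created under whatever umask is in effect, a `chmod 600 "$user_vpn_cert_file"` before the chown is also worth considering.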
@@ -532,53 +539,53 @@ function install_stunnel { $prefixchroot apt-get -yq install stunnel4 - if [ ! $prefix ]; then - cd /etc/stunnel + if [ ! "$prefix" ]; then + cd /etc/stunnel || exit 46284624 generate_stunnel_keys fi - echo 'chroot = /var/lib/stunnel4' > $prefix/etc/stunnel/stunnel.conf - echo 'pid = /stunnel4.pid' >> $prefix/etc/stunnel/stunnel.conf - echo 'setuid = stunnel4' >> $prefix/etc/stunnel/stunnel.conf - echo 'setgid = stunnel4' >> $prefix/etc/stunnel/stunnel.conf - echo 'socket = l:TCP_NODELAY=1' >> $prefix/etc/stunnel/stunnel.conf - echo 'socket = r:TCP_NODELAY=1' >> $prefix/etc/stunnel/stunnel.conf - echo 'cert = /etc/stunnel/stunnel.pem' >> $prefix/etc/stunnel/stunnel.conf - echo '[openvpn]' >> $prefix/etc/stunnel/stunnel.conf - echo "accept = $VPN_TLS_PORT" >> $prefix/etc/stunnel/stunnel.conf - echo 'connect = localhost:1194' >> $prefix/etc/stunnel/stunnel.conf - echo 'cert = /etc/stunnel/stunnel.pem' >> $prefix/etc/stunnel/stunnel.conf - echo 'protocol = socks' >> $prefix/etc/stunnel/stunnel.conf - - sed -i 's|ENABLED=.*|ENABLED=1|g' $prefix/etc/default/stunnel4 - - echo '[openvpn]' > $prefix/etc/stunnel/stunnel-client.conf - echo 'client = yes' >> $prefix/etc/stunnel/stunnel-client.conf - echo "accept = $STUNNEL_PORT" >> $prefix/etc/stunnel/stunnel-client.conf - echo "connect = $DEFAULT_DOMAIN_NAME:$VPN_TLS_PORT" >> $prefix/etc/stunnel/stunnel-client.conf - echo 'cert = stunnel.pem' >> $prefix/etc/stunnel/stunnel-client.conf - echo 'protocol = socks' >> $prefix/etc/stunnel/stunnel-client.conf - - echo '[Unit]' > $prefix/etc/systemd/system/stunnel.service - echo 'Description=SSL tunnel for network daemons' >> $prefix/etc/systemd/system/stunnel.service - echo 'Documentation=man:stunnel https://www.stunnel.org/docs.html' >> $prefix/etc/systemd/system/stunnel.service - echo 'DefaultDependencies=no' >> $prefix/etc/systemd/system/stunnel.service - echo 'After=network.target' >> $prefix/etc/systemd/system/stunnel.service - echo 'After=syslog.target' 
>> $prefix/etc/systemd/system/stunnel.service - echo '' >> $prefix/etc/systemd/system/stunnel.service - echo '[Install]' >> $prefix/etc/systemd/system/stunnel.service - echo 'WantedBy=multi-user.target' >> $prefix/etc/systemd/system/stunnel.service - echo 'Alias=stunnel.target' >> $prefix/etc/systemd/system/stunnel.service - echo '' >> $prefix/etc/systemd/system/stunnel.service - echo '[Service]' >> $prefix/etc/systemd/system/stunnel.service - echo 'Type=forking' >> $prefix/etc/systemd/system/stunnel.service - echo 'RuntimeDirectory=stunnel' >> $prefix/etc/systemd/system/stunnel.service - echo 'EnvironmentFile=-/etc/stunnel/stunnel.conf' >> $prefix/etc/systemd/system/stunnel.service - echo 'ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf' >> $prefix/etc/systemd/system/stunnel.service - echo 'ExecStop=/usr/bin/killall -9 stunnel' >> $prefix/etc/systemd/system/stunnel.service - echo 'RemainAfterExit=yes' >> $prefix/etc/systemd/system/stunnel.service - - if [ ! $prefix ]; then + { echo 'chroot = /var/lib/stunnel4'; + echo 'pid = /stunnel4.pid'; + echo 'setuid = stunnel4'; + echo 'setgid = stunnel4'; + echo 'socket = l:TCP_NODELAY=1'; + echo 'socket = r:TCP_NODELAY=1'; + echo 'cert = /etc/stunnel/stunnel.pem'; + echo '[openvpn]'; + echo "accept = $VPN_TLS_PORT"; + echo 'connect = localhost:1194'; + echo 'cert = /etc/stunnel/stunnel.pem'; + echo 'protocol = socks'; } > "$prefix/etc/stunnel/stunnel.conf" + + sed -i 's|ENABLED=.*|ENABLED=1|g' "$prefix/etc/default/stunnel4" + + { echo '[openvpn]'; + echo 'client = yes'; + echo "accept = $STUNNEL_PORT"; + echo "connect = $DEFAULT_DOMAIN_NAME:$VPN_TLS_PORT"; + echo 'cert = stunnel.pem'; + echo 'protocol = socks'; } > "$prefix/etc/stunnel/stunnel-client.conf" + + { echo '[Unit]'; + echo 'Description=SSL tunnel for network daemons'; + echo 'Documentation=man:stunnel https://www.stunnel.org/docs.html'; + echo 'DefaultDependencies=no'; + echo 'After=network.target'; + echo 'After=syslog.target'; + echo ''; + echo 
'[Install]'; + echo 'WantedBy=multi-user.target'; + echo 'Alias=stunnel.target'; + echo ''; + echo '[Service]'; + echo 'Type=forking'; + echo 'RuntimeDirectory=stunnel'; + echo 'EnvironmentFile=-/etc/stunnel/stunnel.conf'; + echo 'ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf'; + echo 'ExecStop=/usr/bin/killall -9 stunnel'; + echo 'RemainAfterExit=yes'; } > "$prefix/etc/systemd/system/stunnel.service" + + if [ ! "$prefix" ]; then if [ $VPN_TLS_PORT -eq 443 ]; then systemctl stop nginx systemctl disable nginx @@ -591,15 +598,15 @@ function install_stunnel { systemctl daemon-reload systemctl start stunnel - cp /etc/stunnel/stunnel-client.conf /home/$MY_USERNAME/stunnel-client.conf - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/stunnel* + cp /etc/stunnel/stunnel-client.conf "/home/$MY_USERNAME/stunnel-client.conf" + chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/stunnel*" fi } function vpn_generate_keys { # generate host keys if [ ! -f /etc/openvpn/dh2048.pem ]; then - ${PROJECT_NAME}-dhparam -o /etc/openvpn/dh2048.pem + "${PROJECT_NAME}-dhparam" -o /etc/openvpn/dh2048.pem fi if [ ! -f /etc/openvpn/dh2048.pem ]; then echo $'vpn dhparams were not generated' @@ -607,7 +614,8 @@ function vpn_generate_keys { fi cp /etc/openvpn/dh2048.pem /etc/openvpn/easy-rsa/keys/dh2048.pem - cd /etc/openvpn/easy-rsa + cd /etc/openvpn/easy-rsa || exit 5628756256 + # shellcheck disable=SC1091 . ./vars ./clean-all vpn_openssl_version='1.0.0' @@ -651,13 +659,13 @@ function vpn_generate_keys { fi cp /etc/openvpn/easy-rsa/keys/{$OPENVPN_SERVER_NAME.crt,$OPENVPN_SERVER_NAME.key,ca.crt} /etc/openvpn - create_user_vpn_key ${MY_USERNAME} + create_user_vpn_key "${MY_USERNAME}" } function install_vpn { prefix= prefixchroot= - if [ $rootdir ]; then + if [ "$rootdir" ]; then prefix=$rootdir prefixchroot="chroot $rootdir" VPN_TLS_PORT=$VPN_MESH_TLS_PORT 
@@ -668,50 +676,50 @@ function install_vpn { $prefixchroot useradd -r -s /bin/false -g vpn vpn # server configuration - echo 'port 1194' > $prefix/etc/openvpn/server.conf - echo 'proto tcp' >> $prefix/etc/openvpn/server.conf - echo 'dev tun' >> $prefix/etc/openvpn/server.conf - echo 'tun-mtu 1500' >> $prefix/etc/openvpn/server.conf - echo 'tun-mtu-extra 32' >> $prefix/etc/openvpn/server.conf - echo 'mssfix 1450' >> $prefix/etc/openvpn/server.conf - echo 'ca /etc/openvpn/ca.crt' >> $prefix/etc/openvpn/server.conf - echo 'cert /etc/openvpn/server.crt' >> $prefix/etc/openvpn/server.conf - echo 'key /etc/openvpn/server.key' >> $prefix/etc/openvpn/server.conf - echo 'dh /etc/openvpn/dh2048.pem' >> $prefix/etc/openvpn/server.conf - echo 'server 10.8.0.0 255.255.255.0' >> $prefix/etc/openvpn/server.conf - echo 'push "redirect-gateway def1 bypass-dhcp"' >> $prefix/etc/openvpn/server.conf - echo "push \"dhcp-option DNS 85.214.73.63\"" >> $prefix/etc/openvpn/server.conf - echo "push \"dhcp-option DNS 213.73.91.35\"" >> $prefix/etc/openvpn/server.conf - echo 'keepalive 5 30' >> $prefix/etc/openvpn/server.conf - echo 'comp-lzo' >> $prefix/etc/openvpn/server.conf - echo 'persist-key' >> $prefix/etc/openvpn/server.conf - echo 'persist-tun' >> $prefix/etc/openvpn/server.conf - echo 'status /dev/null' >> $prefix/etc/openvpn/server.conf - echo 'verb 3' >> $prefix/etc/openvpn/server.conf - echo '' >> $prefix/etc/openvpn/server.conf - - if [ ! 
$prefix ]; then + { echo 'port 1194'; + echo 'proto tcp'; + echo 'dev tun'; + echo 'tun-mtu 1500'; + echo 'tun-mtu-extra 32'; + echo 'mssfix 1450'; + echo 'ca /etc/openvpn/ca.crt'; + echo 'cert /etc/openvpn/server.crt'; + echo 'key /etc/openvpn/server.key'; + echo 'dh /etc/openvpn/dh2048.pem'; + echo 'server 10.8.0.0 255.255.255.0'; + echo 'push "redirect-gateway def1 bypass-dhcp"'; + echo "push \"dhcp-option DNS 85.214.73.63\""; + echo "push \"dhcp-option DNS 213.73.91.35\""; + echo 'keepalive 5 30'; + echo 'comp-lzo'; + echo 'persist-key'; + echo 'persist-tun'; + echo 'status /dev/null'; + echo 'verb 3'; + echo ''; } > "$prefix/etc/openvpn/server.conf" + + if [ ! "$prefix" ]; then echo 1 > /proc/sys/net/ipv4/ip_forward fi - sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' $prefix/etc/sysctl.conf - sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' $prefix/etc/sysctl.conf - sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' $prefix/etc/sysctl.conf + sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' "$prefix/etc/sysctl.conf" + sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' "$prefix/etc/sysctl.conf" + sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' "$prefix/etc/sysctl.conf" - cp -r $prefix/usr/share/easy-rsa/ $prefix/etc/openvpn - if [ ! -d $prefix/etc/openvpn/easy-rsa/keys ]; then - mkdir $prefix/etc/openvpn/easy-rsa/keys + cp -r "$prefix/usr/share/easy-rsa/" "$prefix/etc/openvpn" + if [ ! 
-d "$prefix/etc/openvpn/easy-rsa/keys" ]; then + mkdir "$prefix/etc/openvpn/easy-rsa/keys" fi # keys configuration - sed -i "s|export KEY_COUNTRY.*|export KEY_COUNTRY=\"US\"|g" $prefix/etc/openvpn/easy-rsa/vars - sed -i "s|export KEY_PROVINCE.*|export KEY_PROVINCE=\"TX\"|g" $prefix/etc/openvpn/easy-rsa/vars - sed -i "s|export KEY_CITY.*|export KEY_CITY=\"Dallas\"|g" $prefix/etc/openvpn/easy-rsa/vars - sed -i "s|export KEY_ORG.*|export KEY_ORG=\"$PROJECT_NAME\"|g" $prefix/etc/openvpn/easy-rsa/vars - sed -i "s|export KEY_EMAIL.*|export KEY_EMAIL=\"$MY_EMAIL_ADDRESS\"|g" $prefix/etc/openvpn/easy-rsa/vars - sed -i "s|export KEY_OU=.*|export KEY_OU=\"MoonUnit\"|g" $prefix/etc/openvpn/easy-rsa/vars - sed -i "s|export KEY_NAME.*|export KEY_NAME=\"$OPENVPN_SERVER_NAME\"|g" $prefix/etc/openvpn/easy-rsa/vars - - if [ ! $prefix ]; then + sed -i "s|export KEY_COUNTRY.*|export KEY_COUNTRY=\"US\"|g" "$prefix/etc/openvpn/easy-rsa/vars" + sed -i "s|export KEY_PROVINCE.*|export KEY_PROVINCE=\"TX\"|g" "$prefix/etc/openvpn/easy-rsa/vars" + sed -i "s|export KEY_CITY.*|export KEY_CITY=\"Dallas\"|g" "$prefix/etc/openvpn/easy-rsa/vars" + sed -i "s|export KEY_ORG.*|export KEY_ORG=\"$PROJECT_NAME\"|g" "$prefix/etc/openvpn/easy-rsa/vars" + sed -i "s|export KEY_EMAIL.*|export KEY_EMAIL=\"$MY_EMAIL_ADDRESS\"|g" "$prefix/etc/openvpn/easy-rsa/vars" + sed -i "s|export KEY_OU=.*|export KEY_OU=\"MoonUnit\"|g" "$prefix/etc/openvpn/easy-rsa/vars" + sed -i "s|export KEY_NAME.*|export KEY_NAME=\"$OPENVPN_SERVER_NAME\"|g" "$prefix/etc/openvpn/easy-rsa/vars" + + if [ ! "$prefix" ]; then vpn_generate_keys firewall_enable_vpn @@ -724,7 +732,7 @@ function install_vpn { install_stunnel - if [ ! $prefix ]; then + if [ ! "$prefix" ]; then systemctl restart openvpn fi -- GitLab
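Review bot: In the keys-configuration block of install_vpn, the re-quoted sed commands still splice `$PROJECT_NAME`, `$MY_EMAIL_ADDRESS` and `$OPENVPN_SERVER_NAME` directly into the replacement text, so a `|`, `&` or backslash in any of them changes what sed writes into easy-rsa/vars. That file is later sourced by vpn_generate_keys (`. ./vars`), so a stray quote or command substitution in a value would be interpreted by the shell at that point. If any of these values can come from user input (the e-mail address presumably does), validate them before the substitution, for example `[[ "$MY_EMAIL_ADDRESS" =~ ^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$ ]] || exit 1`, or escape the sed metacharacters first. install_vpn begins before this hunk and continues after it.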