From f123787dc66a8c437ba538b9f30885453a529c97 Mon Sep 17 00:00:00 2001
From: Jaroslaw Wencel <jaroslaw@wencel.org>
Date: Sun, 28 Aug 2022 22:34:07 +0200
Subject: [PATCH] shellcheck improvements

---
 setup/bootstrap.sh | 20 ++++++++++----------
 setup/dkim.sh      | 11 ++++++-----
 setup/functions.sh | 36 ++++++++++++++++++------------------
 3 files changed, 34 insertions(+), 33 deletions(-)

diff --git a/setup/bootstrap.sh b/setup/bootstrap.sh
index cc4c060e..014538c8 100644
--- a/setup/bootstrap.sh
+++ b/setup/bootstrap.sh
@@ -19,12 +19,12 @@ if [ -z "$TAG" ]; then
 	# want to display in status checks.
 	#
 	# Allow point-release versions of the major releases, e.g. 22.04.1 is OK.
-	UBUNTU_VERSION=$( lsb_release -d | sed 's/.*:\s*//' | sed 's/\([0-9]*\.[0-9]*\)\.[0-9]/\1/' )"
-	if [ "$UBUNTU_VERSION" == "Ubuntu 22.04 LTS" ]; then
+	UBUNTU_VERSION=$( lsb_release -d | sed 's/.*:\s*//' | sed 's/\([0-9]*\.[0-9]*\)\.[0-9]/\1/' )
+	if [[ "$UBUNTU_VERSION" == "Ubuntu 22.04 LTS" ]]; then
 		# This machine is running Ubuntu 22.04, which is supported by
 		# Mail-in-a-Box versions 60 and later.
 		TAG=v60
-	elif [ "$UBUNTU_VERSION" == "Ubuntu 18.04 LTS" ]; then
+	elif [[ "$UBUNTU_VERSION" == "Ubuntu 18.04 LTS" ]]; then
 		# This machine is running Ubuntu 18.04, which is supported by
 		# Mail-in-a-Box versions 0.40 through 5x.
 		echo "Support is ending for Ubuntu 18.04."
@@ -32,7 +32,7 @@ if [ -z "$TAG" ]; then
 		echo "a new machine running Ubuntu 22.04. See:"
 		echo "https://mailinabox.email/maintenance.html#upgrade"
 		TAG=v57a
-	elif [ "$UBUNTU_VERSION" == "Ubuntu 14.04 LTS" ]; then
+	elif [[ "$UBUNTU_VERSION" == "Ubuntu 14.04 LTS" ]]; then
 		# This machine is running Ubuntu 14.04, which is supported by
 		# Mail-in-a-Box versions 1 through v0.30.
 		echo "Ubuntu 14.04 is no longer supported."
@@ -51,7 +51,7 @@ if [[ $EUID -ne 0 ]]; then
 fi
 
 # Clone the Mail-in-a-Box repository if it doesn't exist.
-if [ ! -d $HOME/mailinabox ]; then
+if [[ ! -d "$HOME/mailinabox" ]]; then
 	if [ ! -f /usr/bin/git ]; then
 		echo Installing git . . .
 		apt-get -q -q update
@@ -59,22 +59,22 @@ if [ ! -d $HOME/mailinabox ]; then
 		echo
 	fi
 
-	echo Downloading Mail-in-a-Box $TAG. . .
+	echo "Downloading Mail-in-a-Box $TAG . . ."
 	git clone \
 		-b $TAG --depth 1 \
 		https://github.com/mail-in-a-box/mailinabox \
-		$HOME/mailinabox \
+		"$HOME/mailinabox" \
 		< /dev/null 2> /dev/null
 
 	echo
 fi
 
 # Change directory to it.
-cd $HOME/mailinabox
+cd "$HOME/mailinabox" || exit
 
 # Update it.
-if [ "$TAG" != $(git describe) ]; then
-	echo Updating Mail-in-a-Box to $TAG . . .
+if [[ "$TAG" != $(git describe) ]]; then
+	echo "Updating Mail-in-a-Box to $TAG . . ."
 	git fetch --depth 1 --force --prune origin tag $TAG
 	if ! git checkout -q $TAG; then
 		echo "Update failed. Did you modify something in $(pwd)?"
diff --git a/setup/dkim.sh b/setup/dkim.sh
index b2541a12..d14b3293 100755
--- a/setup/dkim.sh
+++ b/setup/dkim.sh
@@ -6,6 +6,7 @@
 #
 # The DNS configuration for DKIM is done in the management daemon.
 
+# shellcheck source=./functions.sh
 source setup/functions.sh # load our functions
 source /etc/mailinabox.conf # load global vars
 
@@ -15,7 +16,7 @@ apt_install opendkim opendkim-tools opendmarc
 
 # Make sure configuration directories exist.
 mkdir -p /etc/opendkim;
-mkdir -p $STORAGE_ROOT/mail/dkim
+mkdir -p "$STORAGE_ROOT/mail/dkim"
 
 # Used in InternalHosts and ExternalIgnoreList configuration directives.
 # Not quite sure why.
@@ -52,13 +53,13 @@ fi
 # A 1024-bit key is seen as a minimum standard by several providers
 # such as Google. But they and others use a 2048 bit key, so we'll
 # do the same. Keys beyond 2048 bits may exceed DNS record limits.
-if [ ! -f "$STORAGE_ROOT/mail/dkim/mail.private" ]; then
-	opendkim-genkey -b 2048 -r -s mail -D $STORAGE_ROOT/mail/dkim
+if [[ ! -f "$STORAGE_ROOT/mail/dkim/mail.private" ]]; then
+	opendkim-genkey -b 2048 -r -s mail -D "$STORAGE_ROOT/mail/dkim"
 fi
 
 # Ensure files are owned by the opendkim user and are private otherwise.
-chown -R opendkim:opendkim $STORAGE_ROOT/mail/dkim
-chmod go-rwx $STORAGE_ROOT/mail/dkim
+chown -R opendkim:opendkim "$STORAGE_ROOT/mail/dkim"
+chmod go-rwx "$STORAGE_ROOT/mail/dkim"
 
 tools/editconf.py /etc/opendmarc.conf -s \
 	"Syslog=true" \
diff --git a/setup/functions.sh b/setup/functions.sh
index 15703c2f..139440ef 100644
--- a/setup/functions.sh
+++ b/setup/functions.sh
@@ -28,13 +28,13 @@ function hide_output {
 		echo
 		echo FAILED: "$@"
 		echo -----------------------------------------
-		cat $OUTPUT
+		cat "$OUTPUT"
 		echo -----------------------------------------
 		exit $E
 	fi
 
 	# Remove temporary file.
-	rm -f $OUTPUT
+	rm -f "$OUTPUT"
 }
 
 function apt_get_quiet {
@@ -78,7 +78,7 @@ function get_publicip_from_web_service {
 	#
 	# Pass '4' or '6' as an argument to this function to specify
 	# what type of address to get (IPv4, IPv6).
-	curl -$1 --fail --silent --max-time 15 icanhazip.com 2>/dev/null || /bin/true
+	curl -"$1" --fail --silent --max-time 15 icanhazip.com 2>/dev/null || /bin/true
 }
 
 function get_default_privateip {
@@ -121,19 +121,19 @@ function get_default_privateip {
 	if [ "$1" == "6" ]; then target=2001:4860:4860::8888; fi
 
 	# Get the route information.
-	route=$(ip -$1 -o route get $target 2>/dev/null | grep -v unreachable)
+	route=$(ip -"$1" -o route get $target 2>/dev/null | grep -v unreachable)
 
 	# Parse the address out of the route information.
-	address=$(echo $route | sed "s/.* src \([^ ]*\).*/\1/")
+	address=$(echo "$route" | sed "s/.* src \([^ ]*\).*/\1/")
 
 	if [[ "$1" == "6" && $address == fe80:* ]]; then
 		# For IPv6 link-local addresses, parse the interface out
 		# of the route information and append it with a '%'.
-		interface=$(echo $route | sed "s/.* dev \([^ ]*\).*/\1/")
+		interface=$(echo "$route" | sed "s/.* dev \([^ ]*\).*/\1/")
 		address=$address%$interface
 	fi
 
-	echo $address
+	echo "$address"
 }
 
 function ufw_allow {
@@ -151,7 +151,7 @@ function ufw_limit {
 }
 
 function restart_service {
-	hide_output service $1 restart
+	hide_output service "$1" restart
 }
 
 ## Dialog Functions ##
@@ -180,7 +180,7 @@ function input_menu {
 	declare -n result_code=$4_EXITCODE
 	local IFS=^$'\n'
 	set +e
-	result=$(dialog --stdout --title "$1" --menu "$2" 0 0 0 $3)
+	result=$(dialog --stdout --title "$1" --menu "$2" 0 0 0 "$3")
 	result_code=$?
 	set -e
 }
@@ -192,17 +192,17 @@ function wget_verify {
 	HASH=$2
 	DEST=$3
 	CHECKSUM="$HASH  $DEST"
-	rm -f $DEST
-	hide_output wget -O $DEST $URL
+	rm -f "$DEST"
+	hide_output wget -O "$DEST" "$URL"
 	if ! echo "$CHECKSUM" | sha1sum --check --strict > /dev/null; then
 		echo "------------------------------------------------------------"
 		echo "Download of $URL did not match expected checksum."
 		echo "Found:"
-		sha1sum $DEST
+		sha1sum "$DEST"
 		echo
 		echo "Expected:"
 		echo "$CHECKSUM"
-		rm -f $DEST
+		rm -f "$DEST"
 		exit 1
 	fi
 }
@@ -218,9 +218,9 @@ function git_clone {
 	SUBDIR=$3
 	TARGETPATH=$4
 	TMPPATH=/tmp/git-clone-$$
-	rm -rf $TMPPATH $TARGETPATH
-	git clone -q $REPO $TMPPATH || exit 1
-	(cd $TMPPATH; git checkout -q $TREEISH;) || exit 1
-	mv $TMPPATH/$SUBDIR $TARGETPATH
-	rm -rf $TMPPATH
+	rm -rf "$TMPPATH" "$TARGETPATH"
+	git clone -q "$REPO" "$TMPPATH" || exit 1
+	(cd "$TMPPATH" && git checkout -q "$TREEISH") || exit 1
+	mv "$TMPPATH/$SUBDIR" "$TARGETPATH"
+	rm -rf "$TMPPATH"
 }