From fa8c972296518f2850b3d3180880d0b67b6e259b Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach <kevin@veen.world>
Date: Sun, 20 Dec 2020 21:58:11 +0100
Subject: [PATCH] Optimized shellcheck hints

---
 scripts/encryption/storage/Readme.md            |  2 ++
 scripts/encryption/storage/base.sh              | 15 ++++++++++-----
 scripts/encryption/storage/raid1/base.sh        |  4 ++++
 .../encryption/storage/raid1/mount_on_boot.sh   |  8 +++++---
 scripts/encryption/storage/raid1/setup.sh       | 17 ++++++++++-------
 scripts/encryption/storage/single_drive/base.sh |  1 +
 .../encryption/storage/single_drive/mount.sh    |  7 +++++--
 .../storage/single_drive/mount_on_boot.sh       |  6 ++++--
 .../encryption/storage/single_drive/setup.sh    | 15 +++++++++------
 .../encryption/storage/single_drive/umount.sh   |  7 +++++--
 10 files changed, 55 insertions(+), 27 deletions(-)

diff --git a/scripts/encryption/storage/Readme.md b/scripts/encryption/storage/Readme.md
index 844fec9..db33164 100644
--- a/scripts/encryption/storage/Readme.md
+++ b/scripts/encryption/storage/Readme.md
@@ -1,2 +1,4 @@
 # Storage
 For security reasons storages **SHOULD** be encrypted with [LUKS](https://de.wikipedia.org/wiki/Dm-crypt#Erweiterung_mit_LUKS). To keep it standardized and easy this scripts will use [btrfs](https://de.wikipedia.org/wiki/Btrfs) as file system.
+
+@todo create mount folder
diff --git a/scripts/encryption/storage/base.sh b/scripts/encryption/storage/base.sh
index 069ccbe..9141734 100644
--- a/scripts/encryption/storage/base.sh
+++ b/scripts/encryption/storage/base.sh
@@ -1,4 +1,9 @@
 #!/bin/bash
+# shellcheck disable=SC2015  # Deactivating bool hint
+# shellcheck disable=SC2034  # Unused variables
+# shellcheck disable=SC2154  # Referenced but not assigned
+# shellcheck disable=SC1090  # Can't follow non-constant source. Use a directive to specify location.
+# shellcheck disable=SC2001  # See if you can use ${variable//search/replace} instead
 source "$(dirname "$(readlink -f "${0}")")/../../base.sh" || (echo "Loading base.sh failed." && exit 1)
 
 set_device_mount_partition_and_mapper_paths(){
@@ -26,13 +31,13 @@ create_luks_key_and_update_cryptab(){
     then
       warning "File allready exist. Overwritting!"
   fi
-  sudo dd if=/dev/urandom of=$secret_key_path bs=512 count=8 &&
-  sudo cryptsetup -v luksAddKey $2 $secret_key_path &&
+  sudo dd if=/dev/urandom of="$secret_key_path" bs=512 count=8 &&
+  sudo cryptsetup -v luksAddKey "$2" "$secret_key_path" &&
   info "Opening and closing device to verify that that everything works fine..." &&
-  sudo cryptsetup -v luksOpen $2 $1 --key-file=$secret_key_path &&
-  sudo cryptsetup -v luksClose $1 &&
+  sudo cryptsetup -v luksOpen "$2" "$1" --key-file="$secret_key_path" &&
+  sudo cryptsetup -v luksClose "$1" &&
   info "Reading UUID..." &&
-  uuid_line=$(sudo cryptsetup luksDump $2 | grep "UUID") &&
+  uuid_line=$(sudo cryptsetup luksDump "$2" | grep "UUID") &&
   uuid=$(echo "${uuid_line/UUID:/""}"|sed -e "s/[[:space:]]\+//g") &&
   crypttab_path="/etc/crypttab" &&
   crypttab_entry="$1 UUID=$uuid $secret_key_path luks" &&
diff --git a/scripts/encryption/storage/raid1/base.sh b/scripts/encryption/storage/raid1/base.sh
index da70cf6..256b2d9 100644
--- a/scripts/encryption/storage/raid1/base.sh
+++ b/scripts/encryption/storage/raid1/base.sh
@@ -1,4 +1,8 @@
 #!/bin/bash
+# shellcheck disable=SC1090  # Can't follow non-constant source. Use a directive to specify location.
+# shellcheck disable=SC2015  # Deactivating bool hint
+# shellcheck disable=SC2034  # Unused variables
+# shellcheck disable=SC2154  # Referenced but not assigned
 source "$(dirname "$(readlink -f "${0}")")/../base.sh" || (echo "Loading base.sh failed." && exit 1)
 set_raid1_devices_mount_partition_and_mapper_paths(){
   info "RAID1 partition 1..." &&
diff --git a/scripts/encryption/storage/raid1/mount_on_boot.sh b/scripts/encryption/storage/raid1/mount_on_boot.sh
index 090ba7c..44f1eba 100644
--- a/scripts/encryption/storage/raid1/mount_on_boot.sh
+++ b/scripts/encryption/storage/raid1/mount_on_boot.sh
@@ -1,7 +1,9 @@
 #!/bin/bash
+# shellcheck disable=SC1090  # Can't follow non-constant source. Use a directive to specify location.
+# shellcheck disable=SC2154  # Referenced but not assigned
 source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1)
 info "Automount raid1 encrypted storages..."
-create_luks_key_and_update_cryptab $mapper_name_1 $partition_path_1
-create_luks_key_and_update_cryptab $mapper_name_2 $partition_path_2
-update_fstab $mapper_path_1 $mount_path_1
+create_luks_key_and_update_cryptab "$mapper_name_1" "$partition_path_1"
+create_luks_key_and_update_cryptab "$mapper_name_2" "$partition_path_2"
+update_fstab "$mapper_path_1" "$mount_path_1"
 success "Installation finished. Please restart :)"
diff --git a/scripts/encryption/storage/raid1/setup.sh b/scripts/encryption/storage/raid1/setup.sh
index 991b169..3124806 100644
--- a/scripts/encryption/storage/raid1/setup.sh
+++ b/scripts/encryption/storage/raid1/setup.sh
@@ -2,19 +2,22 @@
 # @author Kevin Veen-Birkenbach [kevin@veen.world]
 # @see https://balaskas.gr/btrfs/raid1.html
 # @see https://mutschler.eu/linux/install-guides/ubuntu-btrfs-raid1/
+# shellcheck disable=SC1090  # Can't follow non-constant source. Use a directive to specify location.
+# shellcheck disable=SC2015  # Deactivating bool hint
+# shellcheck disable=SC2154  # Referenced but not assigned
 source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1)
 
 set_raid1_devices_mount_partition_and_mapper_paths
 
 info "Encrypting $partition_path_1..." &&
-cryptsetup luksFormat $partition_path_1 &&
+cryptsetup luksFormat "$partition_path_1" &&
 info "Encrypting $partition_path_2..." &&
-cryptsetup luksFormat $partition_path_2 &&
+cryptsetup luksFormat "$partition_path_2" &&
 blkid | tail -2 &&
-cryptsetup luksOpen $partition_path_1 $mapper_name_1 &&
-cryptsetup luksOpen $partition_path_2 $mapper_name_2 &&
-cryptsetup status $mapper_path_1 &&
-cryptsetup status $mapper_path_2 &&
-mkfs.btrfs -L $label -m raid1 -d raid1 $mapper_path_1 $mapper_path_2 &&
+cryptsetup luksOpen "$partition_path_1" "$mapper_name_1" &&
+cryptsetup luksOpen "$partition_path_2" "$mapper_name_2" &&
+cryptsetup status "$mapper_path_1" &&
+cryptsetup status "$mapper_path_2" &&
+mkfs.btrfs -m raid1 -d raid1 "$mapper_path_1" "$mapper_path_2" &&
 success "Encryption successfull :)" ||
 error
diff --git a/scripts/encryption/storage/single_drive/base.sh b/scripts/encryption/storage/single_drive/base.sh
index 9b74781..3c00ca1 100644
--- a/scripts/encryption/storage/single_drive/base.sh
+++ b/scripts/encryption/storage/single_drive/base.sh
@@ -1,2 +1,3 @@
 #!/bin/bash
+# shellcheck disable=SC1090  # Can't follow non-constant source. Use a directive to specify location.
 source "$(dirname "$(readlink -f "${0}")")/../base.sh" || (echo "Loading base.sh failed." && exit 1)
diff --git a/scripts/encryption/storage/single_drive/mount.sh b/scripts/encryption/storage/single_drive/mount.sh
index 13cf0b0..a54896a 100644
--- a/scripts/encryption/storage/single_drive/mount.sh
+++ b/scripts/encryption/storage/single_drive/mount.sh
@@ -1,15 +1,18 @@
 #!/bin/bash
+# shellcheck disable=SC1090  # Can't follow non-constant source. Use a directive to specify location.
+# shellcheck disable=SC2015  # Deactivating bool hint
+# shellcheck disable=SC2154  # Referenced but not assigned
 source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1)
 echo "Mounts encrypted storages"
 
 set_device_mount_partition_and_mapper_paths
 
 info "Unlock partition..." &&
-sudo cryptsetup luksOpen $partition_path $mapper_name ||
+sudo cryptsetup luksOpen "$partition_path" "$mapper_name" ||
 error
 
 info "Mount partition..." &&
-sudo mount $mapper_path $mount_path ||
+sudo mount "$mapper_path" "$mount_path" ||
 error
 
 success "Mounting successfull :)"
diff --git a/scripts/encryption/storage/single_drive/mount_on_boot.sh b/scripts/encryption/storage/single_drive/mount_on_boot.sh
index 1a39f2f..d44dff1 100644
--- a/scripts/encryption/storage/single_drive/mount_on_boot.sh
+++ b/scripts/encryption/storage/single_drive/mount_on_boot.sh
@@ -1,11 +1,13 @@
 #!/bin/bash
+# shellcheck disable=SC1090  # Can't follow non-constant source. Use a directive to specify location.
+# shellcheck disable=SC2154  # Referenced but not assigned
 source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1)
 echo "Automount encrypted storages"
 echo
 set_device_mount_partition_and_mapper_paths
 
-create_luks_key_and_update_cryptab $mapper_name $partition_path
+create_luks_key_and_update_cryptab "$mapper_name" "$partition_path"
 
-update_fstab $mapper_path $mount_path
+update_fstab "$mapper_path" "$mount_path"
 
 success "Installation finished. Please restart :)"
diff --git a/scripts/encryption/storage/single_drive/setup.sh b/scripts/encryption/storage/single_drive/setup.sh
index e79703e..7071f5d 100644
--- a/scripts/encryption/storage/single_drive/setup.sh
+++ b/scripts/encryption/storage/single_drive/setup.sh
@@ -1,4 +1,7 @@
 #!/bin/bash
+# shellcheck disable=SC1090  # Can't follow non-constant source. Use a directive to specify location.
+# shellcheck disable=SC2015  # Deactivating bool hint
+# shellcheck disable=SC2154  # Referenced but not assigned
 source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1)
 echo "Setups disk encryption"
 
@@ -23,25 +26,25 @@ info "Creating partition table..."
 error
 
 info "Encrypt $device_path..." &&
-sudo cryptsetup -v -y luksFormat $partition_path ||
+sudo cryptsetup -v -y luksFormat "$partition_path" ||
 error
 
 info "Unlock partition..." &&
-sudo cryptsetup luksOpen $partition_path $mapper_name ||
+sudo cryptsetup luksOpen "$partition_path" "$mapper_name" ||
 error
 
 info "Create btrfs file system..." &&
-sudo mkfs.btrfs $mapper_path || error
+sudo mkfs.btrfs "$mapper_path" || error
 
 info "Creating mount folder unter \"$mount_path\"..." &&
-sudo mkdir -p $mount_path || error
+sudo mkdir -p "$mount_path" || error
 
 info "Mount partition..." &&
-sudo mount $mapper_path $mount_path ||
+sudo mount "$mapper_path" "$mount_path" ||
 error
 
 info "Own partition by user..." &&
-sudo chown -R $USER:$USER $mount_path ||
+sudo chown -R "$USER":"$USER" "$mount_path" ||
 error
 
 success "Encryption successfull :)"
diff --git a/scripts/encryption/storage/single_drive/umount.sh b/scripts/encryption/storage/single_drive/umount.sh
index d894ba7..cd46017 100644
--- a/scripts/encryption/storage/single_drive/umount.sh
+++ b/scripts/encryption/storage/single_drive/umount.sh
@@ -1,12 +1,15 @@
 #!/bin/bash
+# shellcheck disable=SC1090  # Can't follow non-constant source. Use a directive to specify location.
+# shellcheck disable=SC2015  # Deactivating bool hint
+# shellcheck disable=SC2154  # Referenced but not assigned
 source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1)
 echo "Unmount encrypted storages"
 
 set_device_mount_partition_and_mapper_paths
 
 info "Unmount $mapper_path..."
-sudo umount $mapper_path &&
-sudo cryptsetup luksClose $mapper_path ||
+sudo umount "$mapper_path" &&
+sudo cryptsetup luksClose "$mapper_path" ||
 error
 
 success "Successfull :)"