Resolve shellcheck lint issues (#100)

* fix: exclude double-quoted variables rule

* refactor: fix lint issues in persistent-setup

* refactor: increase indentation of onlynet_onion

* refactor: satisfy shellcheck SC2181

This refactor doesn't make a ton of sense so another option is to revert this commit and exclude SC2181.

* refactor: fix indentation of link_dotfiles subshell

* refactor: avoid for loops over find output [SC2044]

* refactor: comment out unused variable

* refactor: ensure variable never expands to /bin or /lib

* refactor: use -n instead of ! -z

* Ignore SC2046 in CI checks

* fix syntax in yaml

* refactor: read without -r will mangle backslashes

* refactor: Declare and assign separately to avoid masking return values

* refactor: read without -r will mangle backslashes

* refactor: Don't use variables in the printf format string

* refactor: $ is unnecessary on arithmetic variables

* Remove the repeated ', providing ... privacy.'

* Clarify that Bitcoin Core connects, not Bails

* Make consistent with Lines 113 and 156

* Exclude SC2012 (Use 'cd ... || exit') and SC2164 (find instead of ls)

* wording change in comment

* lint fixes

---------

Co-authored-by: Ben Westgate <[email protected]>

.github/workflows/lint.yaml

@@ -15,6 +15,8 @@ jobs:
       - uses: actions/checkout@v4
       - name: Lint with shellcheck
         uses: ludeeus/[email protected]
+        env:
+          SHELLCHECK_OPTS: -e 2012 -e SC2046 -e SC2086 -e SC2164
         with:
           ignore_paths: |
             ./bin/bails-wallet

b

@@ -36,9 +36,10 @@ if [[ $(id -u) = "0" ]]; then
   echo "
 YOU SHOULD NOT RUN THIS SCRIPT AS ROOT!
 "
-  read -p "PRESS ENTER TO EXIT SCRIPT, AND RUN AGAIN AS $USER. "
+  read -rp "PRESS ENTER TO EXIT SCRIPT, AND RUN AGAIN AS $USER. "
   exit 0
 fi
 
-export BAILS_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+BAILS_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+export BAILS_DIR
 $BAILS_DIR/bin/install-core

bin/bails-menu

@@ -33,24 +33,26 @@ export DATA_DIR="/live/persistence/TailsData_unlocked/Persistent/.bitcoin"
 export BAILS_DIR="$LOCAL_DIR"
 
 onlynet_onion() {
-zenity --question --title='Network Privacy' --width=420 --text='Bails offers different settings for connecting to the Bitcoin network. By default, Bails connects to both clearnet and Tor (onion) peers, providing a balance between usability and privacy.
+    zenity --question --title='Network Privacy' --width=420 --text='Bails offers different settings for connecting to the Bitcoin network. By default, Bitcoin Core connects to both clearnet and Tor (onion) peers, providing a balance between usability and privacy.
 
-Would you like to enhance privacy by connecting exclusively to Tor (onion) peers with reduced clearnet exposure? This may limit your network diversity and can be less stable if you have limited Tor peers.' --icon-name=tor-connection --default-cancel
+    Would you like to enhance privacy by connecting exclusively to Tor (onion) peers with reduced clearnet exposure? This may limit your network diversity and can be less stable if you have limited Tor peers.' --icon-name=tor-connection --default-cancel
 
-if [ $? = 0 ]; then
-    # User chose to enable -onlynet=onion
-    sed --in-place 's/#onlynet=<net>/onlynet=onion/' $DATA_DIR/bitcoin.conf
-    zenity --info --title='Network settings updated' --text='You have chosen to connect exclusively to Tor (onion) peers.
+    zenity_exit_status=$?
+
+    if [ $zenity_exit_status = 0 ]; then
+        # User chose to enable -onlynet=onion
+        sed --in-place 's/#onlynet=<net>/onlynet=onion/' $DATA_DIR/bitcoin.conf
+        zenity --info --title='Network settings updated' --text='You have chosen to connect exclusively to Tor (onion) peers.
 
-Your network settings have been updated.' --width=420 --icon-name=tor-connected-symbolic
+    Your network settings have been updated.' --width=420 --icon-name=tor-connected-symbolic
 
-else
-    # User chose default network settings
-    sed --in-place 's/onlynet=onion/#onlynet=<net>/' $DATA_DIR/bitcoin.conf
-    zenity --info --title='Default network settings' --text='You have chosen to keep the default network settings.
-Bitcoin Core will continue to connect to both clearnet and Tor (onion) peers, providing a balance between usability and privacy.' --width=420 --icon-name=tor-disconnected-symbolic
+    else
+        # User chose default network settings
+        sed --in-place 's/onlynet=onion/#onlynet=<net>/' $DATA_DIR/bitcoin.conf
+        zenity --info --title='Default network settings' --text='You have chosen to keep the default network settings.
+    Bitcoin Core will continue to connect to both clearnet and Tor (onion) peers.' --width=420 --icon-name=tor-disconnected-symbolic
 
-fi
+    fi
 }
 
 # Display menu and get user response

bin/install-core

@@ -38,9 +38,9 @@ export LOCAL_DIR=$DOTFILES/.local
 
 link_dotfiles() {
     ( # runs in subshell to preserve current directory
-      cd $DOTFILES
-      for dir in $(find . -type d); do mkdir --parents $HOME${dir:1}; done
-      for file in $(find . -type f); do ln --symbolic --force $PWD${file:1} $HOME${file:1}; done
+        cd $DOTFILES
+        find . -type d | while read -r dir; do mkdir --parents "$HOME${dir:1}"; done
+        find . -type f | while read -r file; do ln --symbolic --force "$PWD${file:1}" "$HOME${file:1}"; done
     ) &>/dev/null
 }
 
@@ -60,7 +60,7 @@ check_sigs() {
             (( good_sig >= $1 )) && { type=info; break; }
         done
     fi
-    zenity --$type --title="$good_sig of $1 good signatures found" --text="$(gpg --verify SHA256SUMS.asc SHA256SUMS 2>&1 | grep 'Good signature' | cut -c6-)" --no-markup --width=200 --no-wrap $ICON --timeout=10 & next_dialog=$!	#TODO use this to prevent multiple dialogs showing if unintended install
+    zenity --$type --title="$good_sig of $1 good signatures found" --text="$(gpg --verify SHA256SUMS.asc SHA256SUMS 2>&1 | grep 'Good signature' | cut -c6-)" --no-markup --width=200 --no-wrap $ICON --timeout=10 # & next_dialog=$!	# TODO: use next_dialog to prevent multiple dialogs showing during an unattended install
     (( good_sig < $1 )) && { sleep 2; check_sigs $1; }
 }
 
@@ -85,7 +85,7 @@ search_key() {
         else
             gpg --batch --yes --delete-keys $key &>/dev/null
         fi
-    elif [ ! -z "$1" ]; then
+    elif [ -n "$1" ]; then
         echo "$key not found."
         return 1
     else
@@ -145,7 +145,7 @@ printf '\033]2;Getting Bitcoin Core signatures...\a'
 ps -p $sig_dl &>/dev/null && fg %$(jobs -l | grep $sig_dl | cut -f1 -d' ' | tr -c -d '[:digit:]')
 
 # Switch into latest bitcoin-core directory
-cd "$(ls -dt "$destination_dir"/bitcoin-core-* | head -1)" || {
+cd "$(ls -dt $destination_dir/bitcoin-core-* | head -1)" || {
     zenity --warning --title="Download failure" --text="Click OK to try downloading Bitcoin Core again." --ellipsize $ICON &&
     sleep 5
     install-core	# launch this script again
@@ -245,7 +245,7 @@ rsync --remove-source-files -recursive "$BAILS_DIR"/config/ $DOTFILES/.config
 }' > $DATA_DIR/settings.json
 
 # Cleanup
-rm -Rf $BAILS_DIR/{bin,lib,share,state,config} "$destination_dir"/{download,*.tmp,wget-log*}
+rm -Rf ${BAILS_DIR:?}/{bin,lib,share,state,config} "$destination_dir"/{download,*.tmp,wget-log*}
 rsync -r --remove-source-files $BAILS_DIR $LOCAL_DIR/share/
 rm -rf $BAILS_DIR
 link_dotfiles
@@ -277,7 +277,7 @@ Closing this window in 10 seconds, press any key to abort.
 
 for ((i = 10; i >= 1; i--)); do
     echo -n "$i "
-    read -t 1 -n 1 && { echo "\nAborted."; exit 0; }
+    read -r -t 1 -n 1 && { printf '\n%s\n' "Aborted."; exit 0; }
 done
 
 echo "

bin/persistent-setup

@@ -66,7 +66,7 @@ else:
     done
     unset entropy
      # Change user account password to Persistent Storage passphrase for spaced repetition practice.
-    printf "$existing_passphrase\n$existing_passphrase" | passwd || echo "FAILURE to change passphrase"
+    printf '%s\n%s' "$existing_passphrase" "$existing_passphrase" | passwd || echo "FAILURE to change passphrase"
 else
     # Choose passphrase
     zenity --warning --title='Choose a strong passphrase' \
@@ -83,13 +83,13 @@ else
     done & notifying+=($!)
 
     until [ -b '/dev/mapper/TailsData_unlocked' ]; do
-        grep --count 'python3 /usr/local/lib/tps-frontend' <<< $(ps -ef) - >/dev/null ||
+        grep --count 'python3 /usr/local/lib/tps-frontend' <<< "$(ps -ef)" - >/dev/null ||
             { tails-persistent-storage & notify-send --icon=tails-persistent-storage 'Click Continue to create a Persistent Storage'; }
         sleep 1
     done
 
     # Clear notifications
-    kill ${notifying[*]} &>/dev/null
+    kill "${notifying[@]}" &>/dev/null
     dbus-send --session --type=method_call --dest=org.gnome.Shell /org/gnome/Shell org.gnome.Shell.Eval string:'Main.panel.statusArea.dateMenu._messageList._sectionList.get_children().forEach(s => s.clear());'
 
     # Memorization help
@@ -124,7 +124,7 @@ if /usr/local/lib/tpscli is-active PersistentDirectory && \
     /usr/local/lib/tpscli is-active Dotfiles; then
         :
 else
-    grep --count 'python3 /usr/local/lib/tps-frontend' <<< $(ps -ef) - >/dev/null ||
+    grep --count 'python3 /usr/local/lib/tps-frontend' <<< "$(ps -ef)" - >/dev/null ||
         { tails-persistent-storage & notify-send --icon=tails-persistent-storage 'You must turn on needed features of the Persistent Storage.'; }
 
     zenity --info --title='Features of the Persistent Storage' \
@@ -135,7 +135,7 @@ fi
 until /usr/local/lib/tpscli is-active PersistentDirectory && \
     /usr/local/lib/tpscli is-active GnuPG && \
     /usr/local/lib/tpscli is-active Dotfiles; do
-    grep --count 'python3 /usr/local/lib/tps-frontend' <<< $(ps -ef) - >/dev/null ||
+    grep --count 'python3 /usr/local/lib/tps-frontend' <<< "$(ps -ef)" - >/dev/null ||
         { tails-persistent-storage & notify-send --icon=tails-persistent-storage 'You must turn on needed features of the Persistent Storage.'; }
     {
         /usr/local/lib/tpscli is-active PersistentDirectory ||

bin/spaced-repetition

@@ -30,10 +30,10 @@ get_passphrase() {
 }
 
 check_passphrase() {
-    read -s passphrase
+    read -rs passphrase
     temp_passw="$(head -c16 /dev/urandom | xxd -p)"
-    printf "$passphrase\n$temp_passw\n$temp_passw" | passwd && \
-    printf "$temp_passw\n$passphrase\n$passphrase" | passwd
+    printf '%s\n%s\n%s' "$passphrase" "$temp_passw" "$temp_passw" | passwd && \
+    printf '%s\n%s\n%s' "$temp_passw" "$passphrase" "$passphrase" | passwd
 }
 
 # Initialize variables
@@ -55,7 +55,7 @@ while true; do
     # Check if the entered passphrase matches the correct one
     if check_passphrase &>/dev/null <<< "$passphrase"; then
         unset passphrase temp_passw
-        interval=$((interval * ($RANDOM % 2500 + 2000) / 2 ** exp / 1500))
+        interval=$((interval * (RANDOM % 2500 + 2000) / 2 ** exp / 1500))
         (( interval < min_interval )) && interval=$min_interval
         # Wait for the specified interval before showing the pinentry dialog again
         sleep $interval