refactor(templates): wrap shell variables in double quotes to handle spaces and special characters safely

base/rootfs/etc/cont-init.d/01-set-timezone

@@ -1,7 +1,7 @@
 #!/usr/bin/with-contenv bash
 
 if [[ -n "$TZ" ]]; then
-    if [[ -f /usr/share/zoneinfo/$TZ ]]; then
+    if [[ -f "/usr/share/zoneinfo/$TZ" ]]; then
          ln -sf /usr/share/zoneinfo/$TZ /etc/localtime
          echo "$TZ" >  /etc/timezone
     else

jigasi/rootfs/etc/cont-init.d/10-config

@@ -91,10 +91,10 @@ elif [[ "$JIGASI_MODE" == "transcriber" ]]; then
     fi
 fi
 
-if [[ -f /config/custom-sip-communicator.properties ]]; then
+if [[ -f "/config/custom-sip-communicator.properties" ]]; then
     cat /config/custom-sip-communicator.properties >> /config/sip-communicator.properties
 fi
-if [[ -f /config/custom-logging.properties ]]; then
+if [[ -f "/config/custom-logging.properties" ]]; then
     cat /config/custom-logging.properties >> /config/logging.properties
 fi
 

jvb/rootfs/etc/cont-init.d/10-config

@@ -27,7 +27,7 @@ export LOCAL_ADDRESS=$(ip route get 1 | grep -oP '(?<=src ).*' | awk '{ print $1
 
 export SENTRY_RELEASE="${SENTRY_RELEASE:-$(apt-cache policy jitsi-videobridge2 | sed -n '/Installed/p' | sed -e 's/[^:]*: //')}"
 
-if [[ -f /config/custom-sip-communicator.properties ]]; then
+if [[ -f "/config/custom-sip-communicator.properties" ]]; then
     cat /config/custom-sip-communicator.properties > /config/sip-communicator.properties
 fi
 

prosody/rootfs/etc/cont-init.d/10-config

@@ -1,6 +1,6 @@
 #!/usr/bin/with-contenv bash
 
-if [[ ! -f /etc/saslauthd.conf ]] && [[ "$AUTH_TYPE" == "ldap" ]]; then
+if [[ ! -f "/etc/saslauthd.conf" ]] && [[ "$AUTH_TYPE" == "ldap" ]]; then
   tpl /defaults/saslauthd.conf > /etc/saslauthd.conf
   mkdir -pm777 /var/run/saslauthd
   adduser prosody sasl
@@ -92,20 +92,20 @@ if [[ "$PROSODY_MODE" == "visitors" ]]; then
     [ -z "$VISITORS_XMPP_DOMAIN" ] && VISITORS_XMPP_DOMAIN="meet.jitsi"
     [ -z "$PROSODY_VISITOR_INDEX" ] && PROSODY_VISITOR_INDEX=0
     FULL_VISITORS_XMPP_DOMAIN="v$PROSODY_VISITOR_INDEX.$VISITORS_XMPP_DOMAIN"
-    if [[ ! -f /config/certs/$FULL_VISITORS_XMPP_DOMAIN.crt ]]; then
+    if [[ ! -f "/config/certs/$FULL_VISITORS_XMPP_DOMAIN.crt" ]]; then
         # echo for using all default values
         echo | prosodyctl --config $PROSODY_CFG cert generate $FULL_VISITORS_XMPP_DOMAIN
     fi
 elif [[ "$PROSODY_MODE" == "brewery" ]]; then
     echo "No need to generate certs for main XMPP domain in brewery mode"
 else
-    if [[ ! -f /config/certs/$XMPP_DOMAIN.crt ]]; then
+    if [[ ! -f "/config/certs/$XMPP_DOMAIN.crt" ]]; then
         # echo for using all default values
         echo | prosodyctl --config $PROSODY_CFG cert generate $XMPP_DOMAIN
     fi
 fi
 
-if [[ ! -f /config/certs/$XMPP_AUTH_DOMAIN.crt ]]; then
+if [[ ! -f "/config/certs/$XMPP_AUTH_DOMAIN.crt" ]]; then
     # echo for using all default values
     echo | prosodyctl --config $PROSODY_CFG cert generate $XMPP_AUTH_DOMAIN
 fi

prosody/rootfs/etc/services.d/10-saslauthd/run

@@ -1,5 +1,5 @@
 #!/usr/bin/with-contenv bash
-if [[ -f /etc/saslauthd.conf ]]; then
+if [[ -f "/etc/saslauthd.conf" ]]; then
   exec s6-setuidgid root saslauthd -a ldap -O /etc/saslauthd.conf -c -m /var/run/saslauthd -n 5 -d
 else
     # if saslauthd should not be started,

prosody/rootfs/etc/services.d/70-register-setup/run

@@ -81,7 +81,7 @@ else
 fi
 
 # Register Jibri user if password is set
-if [[ -n $JIBRI_XMPP_PASSWORD ]]; then
+if [[ -n "$JIBRI_XMPP_PASSWORD" ]]; then
     echo "[register-setup] Registering Jibri user..."
     OUTPUT=$(prosodyctl --config $PROSODY_CFG shell user create $JIBRI_XMPP_USER@$XMPP_AUTH_DOMAIN $JIBRI_XMPP_PASSWORD 2>&1)
     if [ $? -eq 0 ]; then
@@ -94,7 +94,7 @@ fi
 # Register Jibri recorder and Jigasi transcriber in client mode only
 if [[ "$PROSODY_MODE" == "client" ]]; then
     if [[ "$(echo "$ENABLE_RECORDING" | tr '[:upper:]' '[:lower:]')" == "true" ]] || [[ "$ENABLE_RECORDING" == "1" ]]; then
-        if [[ -n $JIBRI_RECORDER_PASSWORD ]]; then
+        if [[ -n "$JIBRI_RECORDER_PASSWORD" ]]; then
             echo "[register-setup] Registering Jibri recorder user..."
             OUTPUT=$(prosodyctl --config $PROSODY_CFG shell user create $JIBRI_RECORDER_USER@$XMPP_HIDDEN_DOMAIN $JIBRI_RECORDER_PASSWORD 2>&1)
             if [ $? -eq 0 ]; then
@@ -106,7 +106,7 @@ if [[ "$PROSODY_MODE" == "client" ]]; then
     fi
 
     if [[ "$(echo "$ENABLE_TRANSCRIPTIONS" | tr '[:upper:]' '[:lower:]')" == "true" ]] || [[ "$ENABLE_TRANSCRIPTIONS" == "1" ]]; then
-        if [[ -n $JIGASI_TRANSCRIBER_PASSWORD ]]; then
+        if [[ -n "$JIGASI_TRANSCRIBER_PASSWORD" ]]; then
             [ -z "$JIGASI_TRANSCRIBER_USER" ] && JIGASI_TRANSCRIBER_USER="transcriber"
             echo "[register-setup] Registering Jigasi transcriber user..."
             OUTPUT=$(prosodyctl --config $PROSODY_CFG shell user create $JIGASI_TRANSCRIBER_USER@$XMPP_HIDDEN_DOMAIN $JIGASI_TRANSCRIBER_PASSWORD 2>&1)
@@ -120,7 +120,7 @@ if [[ "$PROSODY_MODE" == "client" ]]; then
 fi
 
 # Register Jigasi user if password is set
-if [[ -n $JIGASI_XMPP_PASSWORD ]]; then
+if [[ -n "$JIGASI_XMPP_PASSWORD" ]]; then
     echo "[register-setup] Registering Jigasi user..."
     OUTPUT=$(prosodyctl --config $PROSODY_CFG shell user create $JIGASI_XMPP_USER@$XMPP_AUTH_DOMAIN $JIGASI_XMPP_PASSWORD 2>&1)
     if [ $? -eq 0 ]; then

web/rootfs/etc/cont-init.d/10-config

@@ -21,7 +21,7 @@ if [[ $DISABLE_HTTPS -ne 1 ]]; then
         fi
 
         ACME_SERVER=""
-        if [[ -n $LETSENCRYPT_ACME_SERVER ]]; then
+        if [[ -n "$LETSENCRYPT_ACME_SERVER" ]]; then
             ACME_SERVER="--set-default-ca --server $LETSENCRYPT_ACME_SERVER"
             echo "Using custom ACME server: $LETSENCRYPT_ACME_SERVER"
         fi
@@ -61,7 +61,7 @@ if [[ $DISABLE_HTTPS -ne 1 ]]; then
         fi
     else
         # use self-signed certs
-        if [[ -f /config/keys/cert.key && -f /config/keys/cert.crt ]]; then
+        if [[ -f "/config/keys/cert.key" && -f "/config/keys/cert.crt" ]]; then
             echo "using keys found in /config/keys"
         else
             echo "generating self-signed keys in /config/keys, you can replace these with your own keys if required"
@@ -122,7 +122,7 @@ fi
 tpl /defaults/nginx.conf > /config/nginx/nginx.conf
 
 tpl /defaults/meet.conf > /config/nginx/meet.conf
-if [[ -f /config/nginx/custom-meet.conf ]]; then
+if [[ -f "/config/nginx/custom-meet.conf" ]]; then
     cat /config/nginx/custom-meet.conf >> /config/nginx/meet.conf
 fi
 
@@ -132,11 +132,11 @@ tpl /defaults/default > /config/nginx/site-confs/default
 
 tpl /defaults/system-config.js > /config/config.js
 tpl /defaults/settings-config.js >> /config/config.js
-if [[ -f /config/custom-config.js ]]; then
+if [[ -f "/config/custom-config.js" ]]; then
     cat /config/custom-config.js >> /config/config.js
 fi
 
 cp /defaults/interface_config.js /config/interface_config.js
-if [[ -f /config/custom-interface_config.js ]]; then
+if [[ -f "/config/custom-interface_config.js" ]]; then
     cat /config/custom-interface_config.js >> /config/interface_config.js
 fi

web/rootfs/etc/services.d/jaas-account/run

@@ -17,9 +17,9 @@ function stop_service() {
   exit 0
 }
 
-if [[ $DISABLE_HTTPS -ne 1 ]] && [[ $ENABLE_LETSENCRYPT -eq 1 ]] && [[ $ENABLE_JAAS_COMPONENTS -eq 1 ]]  && [[ -n $EMAIL ]] && [[ -n $DOMAIN ]]; then
+if [[ "$DISABLE_HTTPS" -ne 1 ]] && [[ "$ENABLE_LETSENCRYPT" -eq 1 ]] && [[ "$ENABLE_JAAS_COMPONENTS" -eq 1 ]]  && [[ -n "$EMAIL" ]] && [[ -n "$DOMAIN" ]]; then
 
-if [ -f $JAAS_ACCOUNT_FILE ]; then
+if [ -f "$JAAS_ACCOUNT_FILE" ]; then
     echo "JaaS account already exists"
     stop_service
 fi