refactor(templates): wrap shell variables in double quotes to handle spaces and special characters safely

2026-02-12 18:00:04 +03:00
parent 0e4bf5ed1a
commit 156e36e97f
8 changed files with 20 additions and 20 deletions
--- a/base/rootfs/etc/cont-init.d/01-set-timezone
+++ b/base/rootfs/etc/cont-init.d/01-set-timezone
@@ -1,7 +1,7 @@
 #!/usr/bin/with-contenv bash
 if [[ -n "$TZ" ]]; then
-    if [[ -f /usr/share/zoneinfo/$TZ ]]; then
+    if [[ -f "/usr/share/zoneinfo/$TZ" ]]; then
         ln -sf /usr/share/zoneinfo/$TZ /etc/localtime
         echo "$TZ" >  /etc/timezone
    else
--- a/jigasi/rootfs/etc/cont-init.d/10-config
+++ b/jigasi/rootfs/etc/cont-init.d/10-config
@@ -91,10 +91,10 @@ elif [[ "$JIGASI_MODE" == "transcriber" ]]; then
    fi
 fi
-if [[ -f /config/custom-sip-communicator.properties ]]; then
+if [[ -f "/config/custom-sip-communicator.properties" ]]; then
    cat /config/custom-sip-communicator.properties >> /config/sip-communicator.properties
 fi
-if [[ -f /config/custom-logging.properties ]]; then
+if [[ -f "/config/custom-logging.properties" ]]; then
    cat /config/custom-logging.properties >> /config/logging.properties
 fi
--- a/jvb/rootfs/etc/cont-init.d/10-config
+++ b/jvb/rootfs/etc/cont-init.d/10-config
@@ -27,7 +27,7 @@ export LOCAL_ADDRESS=$(ip route get 1 | grep -oP '(?<=src ).*' | awk '{ print $1
 export SENTRY_RELEASE="${SENTRY_RELEASE:-$(apt-cache policy jitsi-videobridge2 | sed -n '/Installed/p' | sed -e 's/[^:]*: //')}"
-if [[ -f /config/custom-sip-communicator.properties ]]; then
+if [[ -f "/config/custom-sip-communicator.properties" ]]; then
    cat /config/custom-sip-communicator.properties > /config/sip-communicator.properties
 fi
--- a/prosody/rootfs/etc/cont-init.d/10-config
+++ b/prosody/rootfs/etc/cont-init.d/10-config
@@ -1,6 +1,6 @@
 #!/usr/bin/with-contenv bash
-if [[ ! -f /etc/saslauthd.conf ]] && [[ "$AUTH_TYPE" == "ldap" ]]; then
+if [[ ! -f "/etc/saslauthd.conf" ]] && [[ "$AUTH_TYPE" == "ldap" ]]; then
  tpl /defaults/saslauthd.conf > /etc/saslauthd.conf
  mkdir -pm777 /var/run/saslauthd
  adduser prosody sasl
@@ -92,20 +92,20 @@ if [[ "$PROSODY_MODE" == "visitors" ]]; then
    [ -z "$VISITORS_XMPP_DOMAIN" ] && VISITORS_XMPP_DOMAIN="meet.jitsi"
    [ -z "$PROSODY_VISITOR_INDEX" ] && PROSODY_VISITOR_INDEX=0
    FULL_VISITORS_XMPP_DOMAIN="v$PROSODY_VISITOR_INDEX.$VISITORS_XMPP_DOMAIN"
-    if [[ ! -f /config/certs/$FULL_VISITORS_XMPP_DOMAIN.crt ]]; then
+    if [[ ! -f "/config/certs/$FULL_VISITORS_XMPP_DOMAIN.crt" ]]; then
        # echo for using all default values
        echo | prosodyctl --config $PROSODY_CFG cert generate $FULL_VISITORS_XMPP_DOMAIN
    fi
 elif [[ "$PROSODY_MODE" == "brewery" ]]; then
    echo "No need to generate certs for main XMPP domain in brewery mode"
 else
-    if [[ ! -f /config/certs/$XMPP_DOMAIN.crt ]]; then
+    if [[ ! -f "/config/certs/$XMPP_DOMAIN.crt" ]]; then
        # echo for using all default values
        echo | prosodyctl --config $PROSODY_CFG cert generate $XMPP_DOMAIN
    fi
 fi
-if [[ ! -f /config/certs/$XMPP_AUTH_DOMAIN.crt ]]; then
+if [[ ! -f "/config/certs/$XMPP_AUTH_DOMAIN.crt" ]]; then
    # echo for using all default values
    echo | prosodyctl --config $PROSODY_CFG cert generate $XMPP_AUTH_DOMAIN
 fi
--- a/prosody/rootfs/etc/services.d/10-saslauthd/run
+++ b/prosody/rootfs/etc/services.d/10-saslauthd/run
@@ -1,5 +1,5 @@
 #!/usr/bin/with-contenv bash
-if [[ -f /etc/saslauthd.conf ]]; then
+if [[ -f "/etc/saslauthd.conf" ]]; then
  exec s6-setuidgid root saslauthd -a ldap -O /etc/saslauthd.conf -c -m /var/run/saslauthd -n 5 -d
 else
    # if saslauthd should not be started,
--- a/prosody/rootfs/etc/services.d/70-register-setup/run
+++ b/prosody/rootfs/etc/services.d/70-register-setup/run
@@ -81,7 +81,7 @@ else
 fi
 # Register Jibri user if password is set
-if [[ -n $JIBRI_XMPP_PASSWORD ]]; then
+if [[ -n "$JIBRI_XMPP_PASSWORD" ]]; then
    echo "[register-setup] Registering Jibri user..."
    OUTPUT=$(prosodyctl --config $PROSODY_CFG shell user create $JIBRI_XMPP_USER@$XMPP_AUTH_DOMAIN $JIBRI_XMPP_PASSWORD 2>&1)
    if [ $? -eq 0 ]; then
@@ -94,7 +94,7 @@ fi
 # Register Jibri recorder and Jigasi transcriber in client mode only
 if [[ "$PROSODY_MODE" == "client" ]]; then
    if [[ "$(echo "$ENABLE_RECORDING" | tr '[:upper:]' '[:lower:]')" == "true" ]] || [[ "$ENABLE_RECORDING" == "1" ]]; then
-        if [[ -n $JIBRI_RECORDER_PASSWORD ]]; then
+        if [[ -n "$JIBRI_RECORDER_PASSWORD" ]]; then
            echo "[register-setup] Registering Jibri recorder user..."
            OUTPUT=$(prosodyctl --config $PROSODY_CFG shell user create $JIBRI_RECORDER_USER@$XMPP_HIDDEN_DOMAIN $JIBRI_RECORDER_PASSWORD 2>&1)
            if [ $? -eq 0 ]; then
@@ -106,7 +106,7 @@ if [[ "$PROSODY_MODE" == "client" ]]; then
    fi
    if [[ "$(echo "$ENABLE_TRANSCRIPTIONS" | tr '[:upper:]' '[:lower:]')" == "true" ]] || [[ "$ENABLE_TRANSCRIPTIONS" == "1" ]]; then
-        if [[ -n $JIGASI_TRANSCRIBER_PASSWORD ]]; then
+        if [[ -n "$JIGASI_TRANSCRIBER_PASSWORD" ]]; then
            [ -z "$JIGASI_TRANSCRIBER_USER" ] && JIGASI_TRANSCRIBER_USER="transcriber"
            echo "[register-setup] Registering Jigasi transcriber user..."
            OUTPUT=$(prosodyctl --config $PROSODY_CFG shell user create $JIGASI_TRANSCRIBER_USER@$XMPP_HIDDEN_DOMAIN $JIGASI_TRANSCRIBER_PASSWORD 2>&1)
@@ -120,7 +120,7 @@ if [[ "$PROSODY_MODE" == "client" ]]; then
 fi
 # Register Jigasi user if password is set
-if [[ -n $JIGASI_XMPP_PASSWORD ]]; then
+if [[ -n "$JIGASI_XMPP_PASSWORD" ]]; then
    echo "[register-setup] Registering Jigasi user..."
    OUTPUT=$(prosodyctl --config $PROSODY_CFG shell user create $JIGASI_XMPP_USER@$XMPP_AUTH_DOMAIN $JIGASI_XMPP_PASSWORD 2>&1)
    if [ $? -eq 0 ]; then
--- a/web/rootfs/etc/cont-init.d/10-config
+++ b/web/rootfs/etc/cont-init.d/10-config
@@ -21,7 +21,7 @@ if [[ $DISABLE_HTTPS -ne 1 ]]; then
        fi
        ACME_SERVER=""
-        if [[ -n $LETSENCRYPT_ACME_SERVER ]]; then
+        if [[ -n "$LETSENCRYPT_ACME_SERVER" ]]; then
            ACME_SERVER="--set-default-ca --server $LETSENCRYPT_ACME_SERVER"
            echo "Using custom ACME server: $LETSENCRYPT_ACME_SERVER"
        fi
@@ -61,7 +61,7 @@ if [[ $DISABLE_HTTPS -ne 1 ]]; then
        fi
    else
        # use self-signed certs
-        if [[ -f /config/keys/cert.key && -f /config/keys/cert.crt ]]; then
+        if [[ -f "/config/keys/cert.key" && -f "/config/keys/cert.crt" ]]; then
            echo "using keys found in /config/keys"
        else
            echo "generating self-signed keys in /config/keys, you can replace these with your own keys if required"
@@ -122,7 +122,7 @@ fi
 tpl /defaults/nginx.conf > /config/nginx/nginx.conf
 tpl /defaults/meet.conf > /config/nginx/meet.conf
-if [[ -f /config/nginx/custom-meet.conf ]]; then
+if [[ -f "/config/nginx/custom-meet.conf" ]]; then
    cat /config/nginx/custom-meet.conf >> /config/nginx/meet.conf
 fi
@@ -132,11 +132,11 @@ tpl /defaults/default > /config/nginx/site-confs/default
 tpl /defaults/system-config.js > /config/config.js
 tpl /defaults/settings-config.js >> /config/config.js
-if [[ -f /config/custom-config.js ]]; then
+if [[ -f "/config/custom-config.js" ]]; then
    cat /config/custom-config.js >> /config/config.js
 fi
 cp /defaults/interface_config.js /config/interface_config.js
-if [[ -f /config/custom-interface_config.js ]]; then
+if [[ -f "/config/custom-interface_config.js" ]]; then
    cat /config/custom-interface_config.js >> /config/interface_config.js
 fi
--- a/web/rootfs/etc/services.d/jaas-account/run
+++ b/web/rootfs/etc/services.d/jaas-account/run
@@ -17,9 +17,9 @@ function stop_service() {
  exit 0
 }
-if [[ $DISABLE_HTTPS -ne 1 ]] && [[ $ENABLE_LETSENCRYPT -eq 1 ]] && [[ $ENABLE_JAAS_COMPONENTS -eq 1 ]]  && [[ -n $EMAIL ]] && [[ -n $DOMAIN ]]; then
+if [[ "$DISABLE_HTTPS" -ne 1 ]] && [[ "$ENABLE_LETSENCRYPT" -eq 1 ]] && [[ "$ENABLE_JAAS_COMPONENTS" -eq 1 ]]  && [[ -n "$EMAIL" ]] && [[ -n "$DOMAIN" ]]; then
-if [ -f $JAAS_ACCOUNT_FILE ]; then
+if [ -f "$JAAS_ACCOUNT_FILE" ]; then
    echo "JaaS account already exists"
    stop_service
 fi