From 65a52e512f7da94b74cc60a9efae76b58914ed11 2018-11-17 22:09:14
From: Unknown <xyz258@abwesend.de>
Date: 2018-11-17 22:09:14
Subject: [PATCH] https://www.shellcheck.net/

- most of the time word splitting fixes escaped with "
- NTP var fix (missing $)
- !-z equals -n
---

diff --git a/bootstrap.d/10-bootstrap.sh b/bootstrap.d/10-bootstrap.sh
index d8cfb69..8776997 100644
--- a/bootstrap.d/10-bootstrap.sh
+++ b/bootstrap.d/10-bootstrap.sh
@@ -19,7 +19,7 @@ if [ "$ENABLE_MINBASE" = true ] ; then
 fi
 
 # Base debootstrap (unpack only)
-http_proxy=${APT_PROXY} debootstrap ${APT_EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
+http_proxy=${APT_PROXY} debootstrap "${APT_EXCLUDES}" --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian"
 
 # Copy qemu emulator binary to chroot
 install -m 755 -o root -g root "${QEMU_BINARY}" "${R}${QEMU_BINARY}"
diff --git a/bootstrap.d/11-apt.sh b/bootstrap.d/11-apt.sh
index 3c9b2a0..f511f43 100644
--- a/bootstrap.d/11-apt.sh
+++ b/bootstrap.d/11-apt.sh
@@ -41,13 +41,13 @@ chroot_exec apt-get -qq -y update
 chroot_exec apt-get -qq -y -u dist-upgrade
 
 if [ "$APT_INCLUDES_LATE" ] ; then
-  chroot_exec apt-get -qq -y install $(echo $APT_INCLUDES_LATE |tr , ' ')
+  chroot_exec apt-get -qq -y install "$(echo "$APT_INCLUDES_LATE" |tr , ' ')"
 fi
 
 if [ -d packages ] ; then
   for package in packages/*.deb ; do
-    cp $package ${R}/tmp
-    chroot_exec dpkg --unpack /tmp/$(basename $package)
+    cp "$package" "${R}"/tmp
+    chroot_exec dpkg --unpack /tmp/"$(basename "$package")"
   done
 fi
 chroot_exec apt-get -qq -y -f install
diff --git a/bootstrap.d/12-locale.sh b/bootstrap.d/12-locale.sh
index ac342ef..c469ec3 100644
--- a/bootstrap.d/12-locale.sh
+++ b/bootstrap.d/12-locale.sh
@@ -6,11 +6,11 @@
 . ./functions.sh
 
 # Install and setup timezone
-echo ${TIMEZONE} > "${ETC_DIR}/timezone"
+echo "${TIMEZONE}" > "${ETC_DIR}/timezone"
 chroot_exec dpkg-reconfigure -f noninteractive tzdata
 
 # Install and setup default locale and keyboard configuration
-if [ $(echo "$APT_INCLUDES" | grep ",locales") ] ; then
+if [ "$(echo "$APT_INCLUDES" | grep ",locales")" ] ; then
   # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
   # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
   # ... so we have to set locales manually
diff --git a/bootstrap.d/13-kernel.sh b/bootstrap.d/13-kernel.sh
index a3c2e0c..7805160 100644
--- a/bootstrap.d/13-kernel.sh
+++ b/bootstrap.d/13-kernel.sh
@@ -89,30 +89,32 @@ if [ "$BUILD_KERNEL" = true ] ; then
 
       # Set kernel configuration parameters to enable qemu emulation
       if [ "$ENABLE_QEMU" = true ] ; then
-        echo "CONFIG_FHANDLE=y" >> ${KERNEL_DIR}/.config
-        echo "CONFIG_LBDAF=y" >> ${KERNEL_DIR}/.config
+        echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
+        echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
 
         if [ "$ENABLE_CRYPTFS" = true ] ; then
-          echo "CONFIG_EMBEDDED=y" >> ${KERNEL_DIR}/.config
-          echo "CONFIG_EXPERT=y" >> ${KERNEL_DIR}/.config
-          echo "CONFIG_DAX=y" >> ${KERNEL_DIR}/.config
-          echo "CONFIG_MD=y" >> ${KERNEL_DIR}/.config
-          echo "CONFIG_BLK_DEV_MD=y" >> ${KERNEL_DIR}/.config
-          echo "CONFIG_MD_AUTODETECT=y" >> ${KERNEL_DIR}/.config
-          echo "CONFIG_BLK_DEV_DM=y" >> ${KERNEL_DIR}/.config
-          echo "CONFIG_BLK_DEV_DM_BUILTIN=y" >> ${KERNEL_DIR}/.config
-          echo "CONFIG_DM_CRYPT=y" >> ${KERNEL_DIR}/.config
-          echo "CONFIG_CRYPTO_BLKCIPHER=y" >> ${KERNEL_DIR}/.config
-          echo "CONFIG_CRYPTO_CBC=y" >> ${KERNEL_DIR}/.config
-          echo "CONFIG_CRYPTO_XTS=y" >> ${KERNEL_DIR}/.config
-          echo "CONFIG_CRYPTO_SHA512=y" >> ${KERNEL_DIR}/.config
-          echo "CONFIG_CRYPTO_MANAGER=y" >> ${KERNEL_DIR}/.config
+          {
+            echo "CONFIG_EMBEDDED=y"
+            echo "CONFIG_EXPERT=y"
+            echo "CONFIG_DAX=y"
+            echo "CONFIG_MD=y"
+            echo "CONFIG_BLK_DEV_MD=y"
+            echo "CONFIG_MD_AUTODETECT=y"
+            echo "CONFIG_BLK_DEV_DM=y"
+            echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
+            echo "CONFIG_DM_CRYPT=y"
+            echo "CONFIG_CRYPTO_BLKCIPHER=y"
+            echo "CONFIG_CRYPTO_CBC=y"
+            echo "CONFIG_CRYPTO_XTS=y"
+            echo "CONFIG_CRYPTO_SHA512=y"
+            echo "CONFIG_CRYPTO_MANAGER=y" 
+          } >> ${KERNEL_DIR}/.config
 	fi
       fi
 
       # Copy custom kernel configuration file
-      if [ ! -z "$KERNELSRC_USRCONFIG" ] ; then
-        cp $KERNELSRC_USRCONFIG ${KERNEL_DIR}/.config
+      if [ -n "$KERNELSRC_USRCONFIG" ] ; then
+        cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
       fi
 
       # Set kernel configuration parameters to their default values
@@ -134,11 +136,11 @@ if [ "$BUILD_KERNEL" = true ] ; then
     fi
 
     # Cross compile kernel and dtbs
-    make -C "${KERNEL_DIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
+    make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
 
     # Cross compile kernel modules
-    if [ $(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config") ] ; then
-      make -C "${KERNEL_DIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
+    if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
+      make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
     fi
   fi
 
@@ -151,16 +153,16 @@ if [ "$BUILD_KERNEL" = true ] ; then
 
   # Install kernel modules
   if [ "$ENABLE_REDUCE" = true ] ; then
-    if [ $(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config") ] ; then
+    if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
       make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
     fi
   else
-    if [ $(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config") ] ; then
+    if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
       make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
     fi
 
     # Install kernel firmware
-    if [ $(grep "^firmware_install:" "${KERNEL_DIR}/Makefile") ] ; then
+    if [ "$(grep "^firmware_install:" "${KERNEL_DIR}/Makefile")" ] ; then
       make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
     fi
   fi
@@ -223,8 +225,8 @@ if [ "$BUILD_KERNEL" = true ] ; then
     rm -fr "${KERNEL_DIR}"
   else
     # Prepare compiled kernel modules
-    if [ $(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config") ] ; then
-      if [ $(grep "^modules_prepare:" "${KERNEL_DIR}/Makefile") ] ; then
+    if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
+      if [ "$(grep "^modules_prepare:" "${KERNEL_DIR}/Makefile")" ] ; then
         make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
       fi
 
@@ -242,7 +244,7 @@ else # BUILD_KERNEL=false
   chroot_exec apt-get -qq -y install flash-kernel
 
   # Check if kernel installation was successful
-  VMLINUZ="$(ls -1 ${R}/boot/vmlinuz-* | sort | tail -n 1)"
+  VMLINUZ="$(ls -1 "${R}"/boot/vmlinuz-* | sort | tail -n 1)"
   if [ -z "$VMLINUZ" ] ; then
     echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
     cleanup
diff --git a/bootstrap.d/14-fstab.sh b/bootstrap.d/14-fstab.sh
index 0a8eb19..2f68cdf 100644
--- a/bootstrap.d/14-fstab.sh
+++ b/bootstrap.d/14-fstab.sh
@@ -45,7 +45,7 @@ if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then
     printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
 
     # Dummy mapping required by mkinitramfs
-    echo "0 1 crypt $(echo ${CRYPTFS_CIPHER} | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
+    echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
 
     # Generate initramfs with encrypted root partition support
     chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
diff --git a/bootstrap.d/15-rpi-config.sh b/bootstrap.d/15-rpi-config.sh
index b84de23..031776b 100644
--- a/bootstrap.d/15-rpi-config.sh
+++ b/bootstrap.d/15-rpi-config.sh
@@ -8,13 +8,13 @@
 if [ "$BUILD_KERNEL" = true ] ; then
   if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
     # Install boot binaries from local directory
-    cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin
-    cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat
-    cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat
-    cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat
-    cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf
-    cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf
-    cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf
+    cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
+    cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
+    cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
+    cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
+    cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
+    cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
+    cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
   else
     # Create temporary directory for boot binaries
     temp_dir=$(as_nobody mktemp -d)
@@ -50,9 +50,9 @@ fi
 # Add encrypted root partition to cmdline.txt
 if [ "$ENABLE_CRYPTFS" = true ] ; then
   if [ "$ENABLE_SPLITFS" = true ] ; then
-    CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
+    CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
   else
-    CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
+    CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
   fi
 fi
 
@@ -139,7 +139,7 @@ if [ "$ENABLE_SPI" = true ] ; then
 fi
 
 # Disable RPi2/3 under-voltage warnings
-if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
+if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
   echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
 fi
 
diff --git a/bootstrap.d/16-videocore.sh b/bootstrap.d/16-videocore.sh
index 6a3acc9..139d60f 100644
--- a/bootstrap.d/16-videocore.sh
+++ b/bootstrap.d/16-videocore.sh
@@ -28,6 +28,6 @@ if [ "$ENABLE_VIDEOCORE" = true ] ; then
   fi
 
   cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DVIDEOCORE_BUILD_DIR="${R}"/opt/vc
-  make -j $(nproc)
-  chroot_exec PATH=${PATH}:/opt/vc/bin
+  make -j "$(nproc)"
+  chroot_exec PATH="${PATH}":/opt/vc/bin
 fi
diff --git a/bootstrap.d/20-networking.sh b/bootstrap.d/20-networking.sh
index c386754..d53b78b 100644
--- a/bootstrap.d/20-networking.sh
+++ b/bootstrap.d/20-networking.sh
@@ -89,14 +89,14 @@ if [ "$ENABLE_HARDNET" = true ] ; then
 fi
 
 # Enable time sync
-if [ "NET_NTP_1" != "" ] ; then
+if [ "$NET_NTP_1" != "" ] ; then
   chroot_exec systemctl enable systemd-timesyncd.service
 fi
 
 # Download the firmware binary blob required to use the RPi3 wireless interface
 if [ "$ENABLE_WIRELESS" = true ] ; then
-  if [ ! -d ${WLAN_FIRMWARE_DIR} ] ; then
-	mkdir -p ${WLAN_FIRMWARE_DIR}
+  if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
+	mkdir -p "${WLAN_FIRMWARE_DIR}"
   fi
 
   # Create temporary directory for firmware binary blob
diff --git a/rpi23-gen-image.sh b/rpi23-gen-image.sh
index d975b24..65a48a9 100755
--- a/rpi23-gen-image.sh
+++ b/rpi23-gen-image.sh
@@ -31,7 +31,7 @@ fi
 . ./functions.sh
 
 # Load parameters from configuration template file
-if [ ! -z "$CONFIG_TEMPLATE" ] ; then
+if [ -n "$CONFIG_TEMPLATE" ] ; then
   use_template
 fi
 
@@ -297,7 +297,7 @@ if [ "$ENABLE_WIRELESS" = true ] && ([ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P
 fi  
 
 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
-if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
+if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
   if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
     echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
     exit 1
@@ -361,7 +361,7 @@ if [ "$ENABLE_UBOOT" = true ] ; then
 fi
 
 # Check if root SSH (v2) public key file exists
-if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
+if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
   if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
     echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
     exit 1
@@ -369,7 +369,7 @@ if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then
 fi
 
 # Check if $USER_NAME SSH (v2) public key file exists
-if [ ! -z "$SSH_USER_PUB_KEY" ] ; then
+if [ -n "$SSH_USER_PUB_KEY" ] ; then
   if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
     echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
     exit 1
@@ -378,7 +378,7 @@ fi
 
 # Check if all required packages are installed on the build system
 for package in $REQUIRED_PACKAGES ; do
-  if [ "`dpkg-query -W -f='${Status}' $package`" != "install ok installed" ] ; then
+  if [ "$(dpkg-query -W -f='${Status}' $package)" != "install ok installed" ] ; then
     MISSING_PACKAGES="${MISSING_PACKAGES} $package"
   fi
 done
@@ -388,12 +388,12 @@ if [ -n "$MISSING_PACKAGES" ] ; then
   echo "the following packages needed by this script are not installed:"
   echo "$MISSING_PACKAGES"
 
-  echo -n "\ndo you want to install the missing packages right now? [y/n] "
-  read confirm
+  printf "\n\ndo you want to install the missing packages right now? [y/n] "
+  read -r confirm
   [ "$confirm" != "y" ] && exit 1
 
   # Make sure all missing required packages are installed
-  apt-get -qq -y install ${MISSING_PACKAGES}
+  apt-get -qq -y install "${MISSING_PACKAGES}"
 fi
 
 # Check if ./bootstrap.d directory exists
@@ -454,7 +454,7 @@ fi
 mkdir -p "${R}"
 
 # Check if build directory has enough of free disk space >512MB
-if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then
+if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
   echo "error: ${BUILDDIR} not enough space left to generate the output image!"
   exit 1
 fi
@@ -532,7 +532,7 @@ if [ "$ENABLE_REDUCE" = true ] ; then
 
   # Add dropbear package instead of openssh-server
   if [ "$REDUCE_SSHD" = true ] ; then
-    APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/openssh-server/dropbear/")"
+    APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
   fi
 fi
 
@@ -675,27 +675,27 @@ if [ "$ENABLE_QEMU" = true ] ; then
 fi
 
 # Calculate size of the chroot directory in KB
-CHROOT_SIZE=$(expr `du -s "${R}" | awk '{ print $1 }'`)
+CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
 
 # Calculate the amount of needed 512 Byte sectors
 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
-ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
+ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
 
 # The root partition is EXT4
 # This means more space than the actual used space of the chroot is used.
 # As overhead for journaling and reserved blocks 35% are added.
-ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 35) \* 1024 \/ 512)
+ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
 
 # Calculate required image size in 512 Byte sectors
-IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})
+IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
 
 # Prepare image file
 if [ "$ENABLE_SPLITFS" = true ] ; then
-  dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=${TABLE_SECTORS}
-  dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek=${FRMW_SECTORS}
-  dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=${TABLE_SECTORS}
-  dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek=${ROOT_SECTORS}
+  dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
+  dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
+  dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
+  dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
 
   # Write firmware/boot partition tables
   sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
@@ -708,11 +708,11 @@ ${TABLE_SECTORS},${ROOT_SECTORS},83
 EOM
 
   # Setup temporary loop devices
-  FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME-frmw.img)"
-  ROOT_LOOP="$(losetup -o 1M -f --show $IMAGE_NAME-root.img)"
+  FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME-frmw.img")"
+  ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME-root.img")"
 else # ENABLE_SPLITFS=false
-  dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=${TABLE_SECTORS}
-  dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek=${IMAGE_SECTORS}
+  dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
+  dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
 
   # Write partition table
   sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
@@ -721,8 +721,8 @@ ${ROOT_OFFSET},${ROOT_SECTORS},83
 EOM
 
   # Setup temporary loop devices
-  FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show $IMAGE_NAME.img)"
-  ROOT_LOOP="$(losetup -o 65M -f --show $IMAGE_NAME.img)"
+  FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME.img")"
+  ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME.img")"
 fi
 
 if [ "$ENABLE_CRYPTFS" = true ] ; then
@@ -747,7 +747,7 @@ if [ "$ENABLE_CRYPTFS" = true ] ; then
   ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
 
   # Wipe encrypted partition (encryption cipher is used for randomness)
-  dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count=$(blockdev --getsz "${ROOT_LOOP}")
+  dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
 fi
 
 # Build filesystems
@@ -774,22 +774,22 @@ if [ "$ENABLE_SPLITFS" = true ] ; then
   bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
 
   # Image was successfully created
-  echo "$IMAGE_NAME-frmw.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
-  echo "$IMAGE_NAME-root.img ($(expr \( ${TABLE_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
+  echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
+  echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
 else
   # Create block map file for "bmaptool"
   bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
 
   # Image was successfully created
-  echo "$IMAGE_NAME.img ($(expr \( ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS} \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
+  echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
 
   # Create qemu qcow2 image
   if [ "$ENABLE_QEMU" = true ] ; then
     QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
     QEMU_SIZE=16G
 
-    qemu-img convert -f raw -O qcow2 $IMAGE_NAME.img $QEMU_IMAGE.qcow2
-    qemu-img resize $QEMU_IMAGE.qcow2 $QEMU_SIZE
+    qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
+    qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
 
     echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
   fi