Merge branch 'dev' into fix-eval-in-logging-helpers

2024-09-03 20:06:10 +02:00 · 2021-10-12 16:49:42 +02:00 · 2021-10-12 16:49:42 +02:00 · 40cc41d68d
commit 40cc41d68d
parent a3c0ca4da6 c060670924
45 changed files with 1577 additions and 1759 deletions
--- a/data/helpers.d/apt
+++ b/data/helpers.d/apt
@ -12,11 +12,9 @@ ynh_wait_dpkg_free() {
    local try
    set +o xtrace # set +x
    # With seq 1 17, timeout will be almost 30 minutes
-    for try in `seq 1 17`
+    for try in $(seq 1 17); do
    do
        # Check if /var/lib/dpkg/lock is used by another process
-        if lsof /var/lib/dpkg/lock > /dev/null
+        if lsof /var/lib/dpkg/lock >/dev/null; then
        then
            echo "apt is already in use..."
            # Sleep an exponential time at each round
            sleep $((try * try))
@ -26,11 +24,9 @@ ynh_wait_dpkg_free() {
            local dpkg_dir="/var/lib/dpkg/updates/"
            # For each file in $dpkg_dir
-            while read dpkg_file <&9
+            while read dpkg_file <&9; do
            do
                # Check if the name of this file contains only numbers.
-                if echo "$dpkg_file" | grep --perl-regexp --quiet "^[[:digit:]]+$"
+                if echo "$dpkg_file" | grep --perl-regexp --quiet "^[[:digit:]]+$"; then
                then
                    # If so, that a remaining of dpkg.
                    ynh_print_err "dpkg was interrupted, you must manually run 'sudo dpkg --configure -a' to correct the problem."
                    set -o xtrace # set -x
@ -84,8 +80,7 @@ ynh_package_version() {
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"
-    if ynh_package_is_installed "$package"
+    if ynh_package_is_installed "$package"; then
    then
        dpkg-query --show --showformat='${Version}' "$package" 2>/dev/null
    else
        echo ''
@ -190,12 +185,14 @@ ynh_package_install_from_equivs () {
    # Install missing dependencies with ynh_package_install
    ynh_wait_dpkg_free
    cp "$controlfile" "${TMPDIR}/control"
-    (cd "$TMPDIR"
+    (
        cd "$TMPDIR"
        LC_ALL=C equivs-build ./control 1>/dev/null
-    LC_ALL=C dpkg --force-depends --install "./${pkgname}_${pkgversion}_all.deb" 2>&1 | tee ./dpkg_log)
+        LC_ALL=C dpkg --force-depends --install "./${pkgname}_${pkgversion}_all.deb" 2>&1 | tee ./dpkg_log
    )
-    ynh_package_install --fix-broken || \
+    ynh_package_install --fix-broken \
-        { # If the installation failed
+        || { # If the installation failed
            # (the following is ran inside { } to not start a subshell otherwise ynh_die wouldnt exit the original process)
            # Parse the list of problematic dependencies from dpkg's log ...
            # (relevant lines look like: "foo-ynh-deps depends on bar; however:")
@ -203,7 +200,8 @@ ynh_package_install_from_equivs () {
            # Fake an install of those dependencies to see the errors
            # The sed command here is, Print only from 'Reading state info' to the end.
            [[ -n "$problematic_dependencies" ]] && ynh_package_install $problematic_dependencies --dry-run 2>&1 | sed --quiet '/Reading state info/,$p' | grep -v "fix-broken\|Reading state info" >&2
-        ynh_die --message="Unable to install dependencies"; }
+            ynh_die --message="Unable to install dependencies"
        }
    [[ -n "$TMPDIR" ]] && rm --recursive --force $TMPDIR # Remove the temp dir.
    # check if the package is actually installed
@ -237,8 +235,7 @@ ynh_install_app_dependencies () {
    local dep_app=${app//_/-} # Replace all '_' by '-'
    # Handle specific versions
-    if [[ "$dependencies" =~ [\<=\>] ]]
+    if [[ "$dependencies" =~ [\<=\>] ]]; then
    then
        # Replace version specifications by relationships syntax
        # https://www.debian.org/doc/debian-policy/ch-relationships.html
        # Sed clarification
@ -294,14 +291,11 @@ ynh_install_app_dependencies () {
    # https://github.com/YunoHost/issues/issues/1407
    #
    # If we require to install php dependency
-    if grep --quiet 'php' <<< "$dependencies"
+    if grep --quiet 'php' <<< "$dependencies"; then
    then
        # And we have packages from sury installed (7.0.33-10+weirdshiftafter instead of 7.0.33-0 on debian)
-        if dpkg --list | grep "php7.0" | grep --quiet --invert-match "7.0.33-0+deb9"
+        if dpkg --list | grep "php7.0" | grep --quiet --invert-match "7.0.33-0+deb9"; then
        then
            # And sury ain't already in sources.lists
-            if ! grep --recursive --quiet "^ *deb.*sury" /etc/apt/sources.list*
+            if ! grep --recursive --quiet "^ *deb.*sury" /etc/apt/sources.list*; then
            then
                # Re-add sury
                ynh_add_sury
            fi
@ -383,8 +377,7 @@ ynh_remove_app_dependencies () {
    local dep_app=${app//_/-}	# Replace all '_' by '-'
    local current_dependencies=""
-    if ynh_package_is_installed --package="${dep_app}-ynh-deps"
+    if ynh_package_is_installed --package="${dep_app}-ynh-deps"; then
    then
        current_dependencies="$(dpkg-query --show --showformat='${Depends}' ${dep_app}-ynh-deps) "
        current_dependencies=${current_dependencies// | /|}
    fi
@ -397,8 +390,7 @@ ynh_remove_app_dependencies () {
    local specific_php_version=$(echo $current_dependencies | tr '-' ' ' | grep -o -E "\<php[0-9.]+\>" | sed 's/php//g' | sort | uniq)
    [[ "$specific_php_version" != "$YNH_DEFAULT_PHP_VERSION" ]] || specific_php_version=""
-    if [[ -n "$specific_php_version" ]] && ! ynh_package_is_installed --package="php${specific_php_version}-fpm";
+    if [[ -n "$specific_php_version" ]] && ! ynh_package_is_installed --package="php${specific_php_version}-fpm"; then
    then
        yunohost service remove php${specific_php_version}-fpm
    fi
 }
@ -426,8 +418,7 @@ ynh_install_extra_app_dependencies () {
    key=${key:-}
    # Set a key only if asked
-    if [ -n "$key" ]
+    if [ -n "$key" ]; then
    then
        key="--key=$key"
    fi
    # Add an extra repository for those packages
@ -468,8 +459,7 @@ ynh_install_extra_repo () {
    key=${key:-}
    priority=${priority:-}
-    if [ $append -eq 1 ]
+    if [ $append -eq 1 ]; then
    then
        append="--append"
        wget_append="tee --append"
    else
@ -498,15 +488,13 @@ ynh_install_extra_repo () {
    local pin="${uri#*://}"
    pin="${pin%%/*}"
    # Set a priority only if asked
-    if [ -n "$priority" ]
+    if [ -n "$priority" ]; then
    then
        priority="--priority=$priority"
    fi
    ynh_pin_repo --package="*" --pin="origin \"$pin\"" $priority --name="$name" $append
    # Get the public key for the repo
-    if [ -n "$key" ]
+    if [ -n "$key" ]; then
    then
        mkdir --parents "/etc/apt/trusted.gpg.d"
        # Timeout option is here to enforce the timeout on dns query and tcp connect (c.f. man wget)
        wget --timeout 900 --quiet "$key" --output-document=- | gpg --dearmor | $wget_append /etc/apt/trusted.gpg.d/$name.gpg >/dev/null
@ -573,8 +561,7 @@ ynh_add_repo () {
    name="${name:-$app}"
    append=${append:-0}
-    if [ $append -eq 1 ]
+    if [ $append -eq 1 ]; then
    then
        append="tee --append"
    else
        append="tee"
@ -616,8 +603,7 @@ ynh_pin_repo () {
    name="${name:-$app}"
    append=${append:-0}
-    if [ $append -eq 1 ]
+    if [ $append -eq 1 ]; then
    then
        append="tee --append"
    else
        append="tee"
--- a/data/helpers.d/backup
+++ b/data/helpers.d/backup
@ -83,10 +83,8 @@ ynh_backup() {
    # If backing up core only (used by ynh_backup_before_upgrade),
    # don't backup big data items
-    if [ $is_big -eq 1 ] && ( [ ${do_not_backup_data:-0} -eq 1 ] || [ $BACKUP_CORE_ONLY -eq 1 ] )
+    if [ $is_big -eq 1 ] && ([ ${do_not_backup_data:-0} -eq 1 ] || [ $BACKUP_CORE_ONLY -eq 1 ]); then
-    then
+        if [ $BACKUP_CORE_ONLY -eq 1 ]; then
        if [ $BACKUP_CORE_ONLY -eq 1 ]
        then
            ynh_print_info --message="$src_path will not be saved, because 'BACKUP_CORE_ONLY' is set."
        else
            ynh_print_info --message="$src_path will not be saved, because 'do_not_backup_data' is set."
@ -98,14 +96,11 @@ ynh_backup() {
    # Format correctly source and destination paths
    # ==============================================================================
    # Be sure the source path is not empty
-    if [ ! -e "$src_path" ]
+    if [ ! -e "$src_path" ]; then
    then
        ynh_print_warn --message="Source path '${src_path}' does not exist"
-        if [ "$not_mandatory" == "0" ]
+        if [ "$not_mandatory" == "0" ]; then
        then
            # This is a temporary fix for fail2ban config files missing after the migration to stretch.
-            if echo "${src_path}" | grep --quiet "/etc/fail2ban"
+            if echo "${src_path}" | grep --quiet "/etc/fail2ban"; then
            then
                touch "${src_path}"
                ynh_print_info --message="The missing file will be replaced by a dummy one for the backup !!!"
            else
@ -123,13 +118,11 @@ ynh_backup() {
    # If there is no destination path, initialize it with the source path
    # relative to "/".
    # eg: src_path=/etc/yunohost -> dest_path=etc/yunohost
-    if [[ -z "$dest_path" ]]
+    if [[ -z "$dest_path" ]]; then
    then
        dest_path="${src_path#/}"
    else
-        if [[ "${dest_path:0:1}" == "/" ]]
+        if [[ "${dest_path:0:1}" == "/" ]]; then
        then
            # If the destination path is an absolute path, transform it as a path
            # relative to the current working directory ($YNH_CWD)
@ -153,8 +146,7 @@ ynh_backup() {
    fi
    # Check if dest_path already exists in tmp archive
-    if [[ -e "${dest_path}" ]]
+    if [[ -e "${dest_path}" ]]; then
    then
        ynh_print_err --message="Destination path '${dest_path}' already exist"
        return 1
    fi
@ -191,9 +183,8 @@ ynh_restore () {
    REL_DIR="${REL_DIR%/}/"
    # For each destination path begining by $REL_DIR
-    cat ${YNH_BACKUP_CSV} | tr --delete $'\r' | grep --only-matching --no-filename --perl-regexp "^\".*\",\"$REL_DIR.*\"$" | \
+    cat ${YNH_BACKUP_CSV} | tr --delete $'\r' | grep --only-matching --no-filename --perl-regexp "^\".*\",\"$REL_DIR.*\"$" \
-    while read line
+        | while read line; do
    do
            local ORIGIN_PATH=$(echo "$line" | grep --only-matching --no-filename --perl-regexp "^\"\K.*(?=\",\".*\"$)")
            local ARCHIVE_PATH=$(echo "$line" | grep --only-matching --no-filename --perl-regexp "^\".*\",\"$REL_DIR\K.*(?=\"$)")
            ynh_restore_file --origin_path="$ARCHIVE_PATH" --dest_path="$ORIGIN_PATH"
@ -261,10 +252,8 @@ ynh_restore_file () {
    local archive_path="$YNH_CWD${origin_path}"
    # If archive_path doesn't exist, search for a corresponding path in CSV
-    if [ ! -d "$archive_path" ] && [ ! -f "$archive_path" ] && [ ! -L "$archive_path" ]
+    if [ ! -d "$archive_path" ] && [ ! -f "$archive_path" ] && [ ! -L "$archive_path" ]; then
-    then
+        if [ "$not_mandatory" == "0" ]; then
        if [ "$not_mandatory" == "0" ]
        then
            archive_path="$YNH_BACKUP_DIR/$(_get_archive_path \"$origin_path\")"
        else
            return 0
@ -272,11 +261,9 @@ ynh_restore_file () {
    fi
    # Move the old directory if it already exists
-    if [[ -e "${dest_path}" ]]
+    if [[ -e "${dest_path}" ]]; then
    then
        # Check if the file/dir size is less than 500 Mo
-        if [[ $(du --summarize --bytes ${dest_path} | cut --delimiter="/" --fields=1) -le "500000000" ]]
+        if [[ $(du --summarize --bytes ${dest_path} | cut --delimiter="/" --fields=1) -le "500000000" ]]; then
        then
            local backup_file="/home/yunohost.conf/backup/${dest_path}.backup.$(date '+%Y%m%d.%H%M%S')"
            mkdir --parents "$(dirname "$backup_file")"
            mv "${dest_path}" "$backup_file" # Move the current file or directory
@ -289,10 +276,8 @@ ynh_restore_file () {
    mkdir --parents $(dirname "$dest_path")
    # Do a copy if it's just a mounting point
-    if mountpoint --quiet $YNH_BACKUP_DIR
+    if mountpoint --quiet $YNH_BACKUP_DIR; then
-    then
+        if [[ -d "${archive_path}" ]]; then
        if [[ -d "${archive_path}" ]]
        then
            archive_path="${archive_path}/."
            mkdir --parents "$dest_path"
        fi
@ -348,8 +333,7 @@ ynh_store_file_checksum () {
    ynh_app_setting_set --app=$app --key=$checksum_setting_name --value=$(md5sum "$file" | cut --delimiter=' ' --fields=1)
    # If backup_file_checksum isn't empty, ynh_backup_if_checksum_is_different has made a backup
-    if [ -n "${backup_file_checksum-}" ]
+    if [ -n "${backup_file_checksum-}" ]; then
    then
        # Print the diff between the previous file and the new one.
        # diff return 1 if the files are different, so the || true
        diff --report-identical-files --unified --color=always $backup_file_checksum $file >&2 || true
@ -380,10 +364,8 @@ ynh_backup_if_checksum_is_different () {
    local checksum_value=$(ynh_app_setting_get --app=$app --key=$checksum_setting_name)
    # backup_file_checksum isn't declare as local, so it can be reuse by ynh_store_file_checksum
    backup_file_checksum=""
-    if [ -n "$checksum_value" ]
+    if [ -n "$checksum_value" ]; then                                                     # Proceed only if a value was stored into the app settings
-    then    # Proceed only if a value was stored into the app settings
+        if [ -e $file ] && ! echo "$checksum_value $file" | md5sum --check --status; then # If the checksum is now different
        if [ -e $file ] && ! echo "$checksum_value $file" | md5sum --check --status
        then    # If the checksum is now different
            backup_file_checksum="/home/yunohost.conf/backup/$file.backup.$(date '+%Y%m%d.%H%M%S')"
            mkdir --parents "$(dirname "$backup_file_checksum")"
            cp --archive "$file" "$backup_file_checksum" # Backup the current file
@ -437,8 +419,7 @@ ynh_backup_archive_exists () {
 #
 # Requires YunoHost version 2.7.2 or higher.
 ynh_backup_before_upgrade() {
-    if [ ! -e "/etc/yunohost/apps/$app/scripts/backup" ]
+    if [ ! -e "/etc/yunohost/apps/$app/scripts/backup" ]; then
    then
        ynh_print_warn --message="This app doesn't have any backup script."
        return
    fi
@ -447,11 +428,9 @@ ynh_backup_before_upgrade () {
    local app_bck=${app//_/-} # Replace all '_' by '-'
    NO_BACKUP_UPGRADE=${NO_BACKUP_UPGRADE:-0}
-    if [ "$NO_BACKUP_UPGRADE" -eq 0 ]
+    if [ "$NO_BACKUP_UPGRADE" -eq 0 ]; then
    then
        # Check if a backup already exists with the prefix 1
-        if ynh_backup_archive_exists "$app_bck-pre-upgrade1"
+        if ynh_backup_archive_exists "$app_bck-pre-upgrade1"; then
        then
            # Prefix becomes 2 to preserve the previous backup
            backup_number=2
            old_backup_number=1
@ -459,11 +438,9 @@ ynh_backup_before_upgrade () {
        # Create backup
        BACKUP_CORE_ONLY=1 yunohost backup create --apps $app --name $app_bck-pre-upgrade$backup_number --debug
-        if [ "$?" -eq 0 ]
+        if [ "$?" -eq 0 ]; then
        then
            # If the backup succeeded, remove the previous backup
-            if ynh_backup_archive_exists "$app_bck-pre-upgrade$old_backup_number"
+            if ynh_backup_archive_exists "$app_bck-pre-upgrade$old_backup_number"; then
            then
                # Remove the previous backup only if it exists
                yunohost backup delete $app_bck-pre-upgrade$old_backup_number >/dev/null
            fi
@ -495,11 +472,9 @@ ynh_restore_upgradebackup () {
    NO_BACKUP_UPGRADE=${NO_BACKUP_UPGRADE:-0}
-    if [ "$NO_BACKUP_UPGRADE" -eq 0 ]
+    if [ "$NO_BACKUP_UPGRADE" -eq 0 ]; then
    then
        # Check if an existing backup can be found before removing and restoring the application.
-        if ynh_backup_archive_exists "$app_bck-pre-upgrade$backup_number"
+        if ynh_backup_archive_exists "$app_bck-pre-upgrade$backup_number"; then
        then
            # Remove the application then restore it
            yunohost app remove $app
            # Restore the backup
--- a/data/helpers.d/config
+++ b/data/helpers.d/config
@ -1,44 +1,35 @@
 #!/bin/bash
 _ynh_app_config_get_one() {
    local short_setting="$1"
    local type="$2"
    local bind="$3"
    local getter="get__${short_setting}"
    # Get value from getter if exists
-    if type -t $getter 2>/dev/null | grep -q '^function$' 2>/dev/null;
+    if type -t $getter 2>/dev/null | grep -q '^function$' 2>/dev/null; then
    then
        old[$short_setting]="$($getter)"
        formats[${short_setting}]="yaml"
-    elif [[ "$bind" == *"("* ]] && type -t "get__${bind%%(*}" 2>/dev/null | grep -q '^function$' 2>/dev/null;
+    elif [[ "$bind" == *"("* ]] && type -t "get__${bind%%(*}" 2>/dev/null | grep -q '^function$' 2>/dev/null; then
    then
        old[$short_setting]="$("get__${bind%%(*}" $short_setting $type $bind)"
        formats[${short_setting}]="yaml"
-    elif [[ "$bind" == "null" ]]
+    elif [[ "$bind" == "null" ]]; then
    then
        old[$short_setting]="YNH_NULL"
    # Get value from app settings or from another file
-    elif [[ "$type" == "file" ]]
+    elif [[ "$type" == "file" ]]; then
-    then
+        if [[ "$bind" == "settings" ]]; then
        if [[ "$bind" == "settings" ]]
        then
            ynh_die --message="File '${short_setting}' can't be stored in settings"
        fi
        old[$short_setting]="$(ls "$(echo $bind | sed s@__FINALPATH__@$final_path@ | sed s/__APP__/$app/)" 2>/dev/null || echo YNH_NULL)"
        file_hash[$short_setting]="true"
    # Get multiline text from settings or from a full file
-    elif [[ "$type" == "text" ]]
+    elif [[ "$type" == "text" ]]; then
-    then
+        if [[ "$bind" == "settings" ]]; then
        if [[ "$bind" == "settings" ]]
        then
            old[$short_setting]="$(ynh_app_setting_get $app $short_setting)"
-        elif [[ "$bind" == *":"* ]]
+        elif [[ "$bind" == *":"* ]]; then
        then
            ynh_die --message="For technical reasons, multiline text '${short_setting}' can't be stored automatically  in a variable file, you have to create custom getter/setter"
        else
            old[$short_setting]="$(cat $(echo $bind | sed s@__FINALPATH__@$final_path@ | sed s/__APP__/$app/) 2>/dev/null || echo YNH_NULL)"
@ -47,14 +38,12 @@ _ynh_app_config_get_one() {
    # Get value from a kind of key/value file
    else
        local bind_after=""
-        if [[ "$bind" == "settings" ]]
+        if [[ "$bind" == "settings" ]]; then
        then
            bind=":/etc/yunohost/apps/$app/settings.yml"
        fi
        local bind_key_="$(echo "$bind" | cut -d: -f1)"
        bind_key_=${bind_key_:-$short_setting}
-        if [[ "$bind_key_" == *">"* ]];
+        if [[ "$bind_key_" == *">"* ]]; then
        then
            bind_after="$(echo "${bind_key_}" | cut -d'>' -f1)"
            bind_key_="$(echo "${bind_key_}" | cut -d'>' -f2)"
        fi
@ -68,39 +57,31 @@ _ynh_app_config_apply_one() {
    local setter="set__${short_setting}"
    local bind="${binds[$short_setting]}"
    local type="${types[$short_setting]}"
-    if [ "${changed[$short_setting]}" == "true" ]
+    if [ "${changed[$short_setting]}" == "true" ]; then
    then
        # Apply setter if exists
-        if type -t $setter 2>/dev/null | grep -q '^function$' 2>/dev/null;
+        if type -t $setter 2>/dev/null | grep -q '^function$' 2>/dev/null; then
        then
            $setter
-        elif [[ "$bind" == *"("* ]] && type -t "set__${bind%%(*}" 2>/dev/null | grep -q '^function$' 2>/dev/null;
+        elif [[ "$bind" == *"("* ]] && type -t "set__${bind%%(*}" 2>/dev/null | grep -q '^function$' 2>/dev/null; then
        then
            "set__${bind%%(*}" $short_setting $type $bind
-        elif [[ "$bind" == "null" ]]
+        elif [[ "$bind" == "null" ]]; then
-        then
+            return
            continue
        # Save in a file
-        elif [[ "$type" == "file" ]]
+        elif [[ "$type" == "file" ]]; then
-        then
+            if [[ "$bind" == "settings" ]]; then
            if [[ "$bind" == "settings" ]]
            then
                ynh_die --message="File '${short_setting}' can't be stored in settings"
            fi
            local bind_file="$(echo "$bind" | sed s@__FINALPATH__@$final_path@ | sed s/__APP__/$app/)"
-            if [[ "${!short_setting}" == "" ]]
+            if [[ "${!short_setting}" == "" ]]; then
            then
                ynh_backup_if_checksum_is_different --file="$bind_file"
                ynh_secure_remove --file="$bind_file"
                ynh_delete_file_checksum --file="$bind_file" --update_only
                ynh_print_info --message="File '$bind_file' removed"
            else
                ynh_backup_if_checksum_is_different --file="$bind_file"
-                if [[ "${!short_setting}" != "$bind_file" ]]
+                if [[ "${!short_setting}" != "$bind_file" ]]; then
                then
                    cp "${!short_setting}" "$bind_file"
                fi
                ynh_store_file_checksum --file="$bind_file" --update_only
@ -108,16 +89,13 @@ _ynh_app_config_apply_one() {
            fi
        # Save value in app settings
-        elif [[ "$bind" == "settings" ]]
+        elif [[ "$bind" == "settings" ]]; then
        then
            ynh_app_setting_set --app=$app --key=$short_setting --value="${!short_setting}"
            ynh_print_info --message="Configuration key '$short_setting' edited in app settings"
        # Save multiline text in a file
-        elif [[ "$type" == "text" ]]
+        elif [[ "$type" == "text" ]]; then
-        then
+            if [[ "$bind" == *":"* ]]; then
            if [[ "$bind" == *":"* ]]
            then
                ynh_die --message="For technical reasons, multiline text '${short_setting}' can't be stored automatically  in a variable file, you have to create custom getter/setter"
            fi
            local bind_file="$(echo "$bind" | sed s@__FINALPATH__@$final_path@ | sed s/__APP__/$app/)"
@ -131,8 +109,7 @@ _ynh_app_config_apply_one() {
            local bind_after=""
            local bind_key_="$(echo "$bind" | cut -d: -f1)"
            bind_key_=${bind_key_:-$short_setting}
-            if [[ "$bind_key_" == *">"* ]];
+            if [[ "$bind_key_" == *">"* ]]; then
            then
                bind_after="$(echo "${bind_key_}" | cut -d'>' -f1)"
                bind_key_="$(echo "${bind_key_}" | cut -d'>' -f2)"
            fi
@ -152,7 +129,8 @@ _ynh_app_config_apply_one() {
 _ynh_app_config_get() {
    # From settings
    local lines
-    lines=$(python3 << EOL
+    lines=$(
        python3 <<EOL
 import toml
 from collections import OrderedDict
 with open("../config_panel.toml", "r") as f:
@ -173,8 +151,7 @@ for panel_name, panel in loaded_toml.items():
                ]))
 EOL
    )
-    for line in $lines
+    for line in $lines; do
    do
        # Split line into short_setting, type and bind
        IFS=';' read short_setting type bind <<<"$line"
        binds[${short_setting}]="$bind"
@ -184,23 +161,18 @@ EOL
        ynh_app_config_get_one $short_setting $type $bind
    done
 }
 _ynh_app_config_apply() {
-    for short_setting in "${!old[@]}"
+    for short_setting in "${!old[@]}"; do
    do
        ynh_app_config_apply_one $short_setting
    done
 }
 _ynh_app_config_show() {
-    for short_setting in "${!old[@]}"
+    for short_setting in "${!old[@]}"; do
-    do
+        if [[ "${old[$short_setting]}" != YNH_NULL ]]; then
-        if [[ "${old[$short_setting]}" != YNH_NULL ]]
+            if [[ "${formats[$short_setting]}" == "yaml" ]]; then
        then
            if [[ "${formats[$short_setting]}" == "yaml" ]]
            then
                ynh_return "${short_setting}:"
                ynh_return "$(echo "${old[$short_setting]}" | sed 's/^/  /g')"
            else
@ -216,48 +188,39 @@ _ynh_app_config_validate() {
    ynh_script_progression --message="Checking what changed in the new configuration..." --weight=1
    local nothing_changed=true
    local changes_validated=true
-    for short_setting in "${!old[@]}"
+    for short_setting in "${!old[@]}"; do
    do
        changed[$short_setting]=false
-        if [ -z ${!short_setting+x} ]
+        if [ -z ${!short_setting+x} ]; then
        then
            # Assign the var with the old value in order to allows multiple
            # args validation
            declare "$short_setting"="${old[$short_setting]}"
            continue
        fi
-        if [ ! -z "${file_hash[${short_setting}]}" ]
+        if [ ! -z "${file_hash[${short_setting}]}" ]; then
        then
            file_hash[old__$short_setting]=""
            file_hash[new__$short_setting]=""
-            if [ -f "${old[$short_setting]}" ]
+            if [ -f "${old[$short_setting]}" ]; then
            then
                file_hash[old__$short_setting]=$(sha256sum "${old[$short_setting]}" | cut -d' ' -f1)
-                if [ -z "${!short_setting}" ]
+                if [ -z "${!short_setting}" ]; then
                then
                    changed[$short_setting]=true
                    nothing_changed=false
                fi
            fi
-            if [ -f "${!short_setting}" ]
+            if [ -f "${!short_setting}" ]; then
            then
                file_hash[new__$short_setting]=$(sha256sum "${!short_setting}" | cut -d' ' -f1)
-                if [[ "${file_hash[old__$short_setting]}" != "${file_hash[new__$short_setting]}" ]]
+                if [[ "${file_hash[old__$short_setting]}" != "${file_hash[new__$short_setting]}" ]]; then
                then
                    changed[$short_setting]=true
                    nothing_changed=false
                fi
            fi
        else
-            if [[ "${!short_setting}" != "${old[$short_setting]}" ]]
+            if [[ "${!short_setting}" != "${old[$short_setting]}" ]]; then
            then
                changed[$short_setting]=true
                nothing_changed=false
            fi
        fi
    done
-    if [[ "$nothing_changed" == "true" ]]
+    if [[ "$nothing_changed" == "true" ]]; then
    then
        ynh_print_info --message="Nothing has changed"
        exit 0
    fi
@ -265,19 +228,15 @@ _ynh_app_config_validate() {
    # Run validation if something is changed
    ynh_script_progression --message="Validating the new configuration..." --weight=1
-    for short_setting in "${!old[@]}"
+    for short_setting in "${!old[@]}"; do
    do
        [[ "${changed[$short_setting]}" == "false" ]] && continue
        local result=""
-        if type -t validate__$short_setting | grep -q '^function$' 2>/dev/null;
+        if type -t validate__$short_setting | grep -q '^function$' 2>/dev/null; then
        then
            result="$(validate__$short_setting)"
-        elif [[ "$bind" == *"("* ]] && type -t "validate__${bind%%(*}" 2>/dev/null | grep -q '^function$' 2>/dev/null;
+        elif [[ "$bind" == *"("* ]] && type -t "validate__${bind%%(*}" 2>/dev/null | grep -q '^function$' 2>/dev/null; then
        then
            "validate__${bind%%(*}" $short_setting
        fi
-        if [ -n "$result" ]
+        if [ -n "$result" ]; then
        then
            #
            # Return a yaml such as:
            #
@ -287,8 +246,7 @@ _ynh_app_config_validate() {
            #
            # We use changes_validated to know if this is
            # the first validation error
-            if [[ "$changes_validated" == true ]]
+            if [[ "$changes_validated" == true ]]; then
            then
                ynh_return "validation_errors:"
            fi
            ynh_return "  ${short_setting}: \"$result\""
@ -298,8 +256,7 @@ _ynh_app_config_validate() {
    # If validation failed, exit the script right now (instead of going into apply)
    # Yunohost core will pick up the errors returned via ynh_return previously
-    if [[ "$changes_validated" == "false" ]]
+    if [[ "$changes_validated" == "false" ]]; then
    then
        exit 0
    fi
@ -354,4 +311,3 @@ ynh_app_config_run() {
        ;;
    esac
 }
--- a/data/helpers.d/fail2ban
+++ b/data/helpers.d/fail2ban
@ -81,8 +81,7 @@ ynh_add_fail2ban_config () {
    [[ -z "$others_var" ]] || ynh_print_warn --message="Packagers: using --others_var is unecessary since YunoHost 4.2"
-    if [ $use_template -ne 1 ]
+    if [ $use_template -ne 1 ]; then
    then
        # Usage 1, no template. Build a config file from scratch.
        test -n "$logpath" || ynh_die --message="ynh_add_fail2ban_config expects a logfile path as first argument and received nothing."
        test -n "$failregex" || ynh_die --message="ynh_add_fail2ban_config expects a failure regex as second argument and received nothing."
@ -111,8 +110,7 @@ ignoreregex =
    ynh_systemd_action --service_name=fail2ban --action=reload --line_match="(Started|Reloaded) Fail2Ban Service" --log_path=systemd
    local fail2ban_error="$(journalctl --no-hostname --unit=fail2ban | tail --lines=50 | grep "WARNING.*$app.*")"
-    if [[ -n "$fail2ban_error" ]]
+    if [[ -n "$fail2ban_error" ]]; then
    then
        ynh_print_err --message="Fail2ban failed to load the jail for $app"
        ynh_print_warn --message="${fail2ban_error#*WARNING}"
    fi
--- a/data/helpers.d/getopts
+++ b/data/helpers.d/getopts
@ -48,8 +48,7 @@
 ynh_handle_getopts_args() {
    # Manage arguments only if there's some provided
    set +o xtrace # set +x
-    if [ $# -ne 0 ]
+    if [ $# -ne 0 ]; then
    then
        # Store arguments in an array to keep each argument separated
        local arguments=("$@")
@ -58,14 +57,12 @@ ynh_handle_getopts_args () {
        # ${!args_array[@]} is the list of all option_flags in the array (An option_flag is 'u' in [u]=user, user is a value)
        local getopts_parameters=""
        local option_flag=""
-        for option_flag in "${!args_array[@]}"
+        for option_flag in "${!args_array[@]}"; do
        do
            # Concatenate each option_flags of the array to build the string of arguments for getopts
            # Will looks like 'abcd' for -a -b -c -d
            # If the value of an option_flag finish by =, it's an option with additionnal values. (e.g. --user bob or -u bob)
            # Check the last character of the value associate to the option_flag
-            if [ "${args_array[$option_flag]: -1}" = "=" ]
+            if [ "${args_array[$option_flag]: -1}" = "=" ]; then
            then
                # For an option with additionnal values, add a ':' after the letter for getopts.
                getopts_parameters="${getopts_parameters}${option_flag}:"
            else
@ -74,8 +71,7 @@ ynh_handle_getopts_args () {
            # Check each argument given to the function
            local arg=""
            # ${#arguments[@]} is the size of the array
-            for arg in `seq 0 $(( ${#arguments[@]} - 1 ))`
+            for arg in $(seq 0 $((${#arguments[@]} - 1))); do
            do
                # Escape options' values starting with -. Otherwise the - will be considered as another option.
                arguments[arg]="${arguments[arg]//--${args_array[$option_flag]}-/--${args_array[$option_flag]}\\TOBEREMOVED\\-}"
                # And replace long option (value of the option_flag) by the short option, the option_flag itself
@ -91,8 +87,7 @@ ynh_handle_getopts_args () {
        # Use a function here, to use standart arguments $@ and be able to use shift.
        parse_arg() {
            # Read all arguments, until no arguments are left
-            while [ $# -ne 0 ]
+            while [ $# -ne 0 ]; do
            do
                # Initialize the index of getopts
                OPTIND=1
                # Parse with getopts only if the argument begin by -, that means the argument is an option
@ -100,11 +95,9 @@ ynh_handle_getopts_args () {
                local parameter=""
                getopts ":$getopts_parameters" parameter || true
-                if [ "$parameter" = "?" ]
+                if [ "$parameter" = "?" ]; then
                then
                    ynh_die --message="Invalid argument: -${OPTARG:-}"
-                elif [ "$parameter" = ":" ]
+                elif [ "$parameter" = ":" ]; then
                then
                    ynh_die --message="-$OPTARG parameter requires an argument."
                else
                    local shift_value=1
@ -115,8 +108,7 @@ ynh_handle_getopts_args () {
                    local option_var="${args_array[$parameter]%=}"
                    # If this option doesn't take values
                    # if there's a '=' at the end of the long option name, this option takes values
-                    if [ "${args_array[$parameter]: -1}" != "=" ]
+                    if [ "${args_array[$parameter]: -1}" != "=" ]; then
                    then
                        # 'eval ${option_var}' will use the content of 'option_var'
                        eval ${option_var}=1
                    else
@ -126,14 +118,12 @@ ynh_handle_getopts_args () {
                        # If the first argument is longer than 2 characters,
                        # There's a value attached to the option, in the same array cell
-                        if [ ${#all_args[0]} -gt 2 ]
+                        if [ ${#all_args[0]} -gt 2 ]; then
                        then
                            # Remove the option and the space, so keep only the value itself.
                            all_args[0]="${all_args[0]#-${parameter} }"
                            # At this point, if all_args[0] start with "-", then the argument is not well formed
-                            if [ "${all_args[0]:0:1}" == "-" ]
+                            if [ "${all_args[0]:0:1}" == "-" ]; then
                            then
                                ynh_die --message="Argument \"${all_args[0]}\" not valid! Did you use a single \"-\" instead of two?"
                            fi
                            # Reduce the value of shift, because the option has been removed manually
@ -144,23 +134,19 @@ ynh_handle_getopts_args () {
                        eval ${option_var}=""
                        # Then read the array value per value
                        local i
-                        for i in `seq 0 $(( ${#all_args[@]} - 1 ))`
+                        for i in $(seq 0 $((${#all_args[@]} - 1))); do
                        do
                            # If this argument is an option, end here.
-                            if [ "${all_args[$i]:0:1}" == "-" ]
+                            if [ "${all_args[$i]:0:1}" == "-" ]; then
                            then
                                # Ignore the first value of the array, which is the option itself
                                if [ "$i" -ne 0 ]; then
                                    break
                                fi
                            else
                                # Ignore empty parameters
-                                if [ -n "${all_args[$i]}" ]
+                                if [ -n "${all_args[$i]}" ]; then
                                then
                                    # Else, add this value to this option
                                    # Each value will be separated by ';'
-                                    if [ -n "${!option_var}" ]
+                                    if [ -n "${!option_var}" ]; then
                                    then
                                        # If there's already another value for this option, add a ; before adding the new value
                                        eval ${option_var}+="\;"
                                    fi
@ -190,22 +176,21 @@ ynh_handle_getopts_args () {
        # LEGACY MODE
        # Check if there's getopts arguments
-        if [ "${arguments[0]:0:1}" != "-" ]
+        if [ "${arguments[0]:0:1}" != "-" ]; then
        then
            # If not, enter in legacy mode and manage the arguments as positionnal ones..
            # Dot not echo, to prevent to go through a helper output. But print only in the log.
-            set -x; echo "! Helper used in legacy mode !" > /dev/null; set +x
+            set -x
            echo "! Helper used in legacy mode !" >/dev/null
            set +x
            local i
-            for i in `seq 0 $(( ${#arguments[@]} -1 ))`
+            for i in $(seq 0 $((${#arguments[@]} - 1))); do
            do
                # Try to use legacy_args as a list of option_flag of the array args_array
                # Otherwise, fallback to getopts_parameters to get the option_flag. But an associative arrays isn't always sorted in the correct order...
                # Remove all ':' in getopts_parameters
-                getopts_parameters=${legacy_args:-${getopts_parameters//:}}
+                getopts_parameters=${legacy_args:-${getopts_parameters//:/}}
                # Get the option_flag from getopts_parameters, by using the option_flag according to the position of the argument.
                option_flag=${getopts_parameters:$i:1}
-                if [ -z "$option_flag" ]
+                if [ -z "$option_flag" ]; then
                then
                    ynh_print_warn --message="Too many arguments ! \"${arguments[$i]}\" will be ignored."
                    continue
                fi
--- a/data/helpers.d/hardware
+++ b/data/helpers.d/hardware
@ -25,41 +25,34 @@ ynh_get_ram () {
    free=${free:-0}
    total=${total:-0}
-    if [ $free -eq $total ]
+    if [ $free -eq $total ]; then
    then
        ynh_print_warn --message="You have to choose --free or --total when using ynh_get_ram"
        ram=0
    # Use the total amount of ram
-    elif [ $free -eq 1 ]
+    elif [ $free -eq 1 ]; then
    then
        local free_ram=$(vmstat --stats --unit M | grep "free memory" | awk '{print $1}')
        local free_swap=$(vmstat --stats --unit M | grep "free swap" | awk '{print $1}')
        local free_ram_swap=$((free_ram + free_swap))
        # Use the total amount of free ram
        local ram=$free_ram_swap
-        if [ $ignore_swap -eq 1 ]
+        if [ $ignore_swap -eq 1 ]; then
        then
            # Use only the amount of free ram
            ram=$free_ram
-        elif [ $only_swap -eq 1 ]
+        elif [ $only_swap -eq 1 ]; then
        then
            # Use only the amount of free swap
            ram=$free_swap
        fi
-    elif [ $total -eq 1 ]
+    elif [ $total -eq 1 ]; then
    then
        local total_ram=$(vmstat --stats --unit M | grep "total memory" | awk '{print $1}')
        local total_swap=$(vmstat --stats --unit M | grep "total swap" | awk '{print $1}')
        local total_ram_swap=$((total_ram + total_swap))
        local ram=$total_ram_swap
-        if [ $ignore_swap -eq 1 ]
+        if [ $ignore_swap -eq 1 ]; then
        then
            # Use only the amount of free ram
            ram=$total_ram
-        elif [ $only_swap -eq 1 ]
+        elif [ $only_swap -eq 1 ]; then
        then
            # Use only the amount of free swap
            ram=$total_swap
        fi
@ -100,8 +93,7 @@ ynh_require_ram () {
    local ram=$(ynh_get_ram $free $total $ignore_swap $only_swap)
-    if [ $ram -lt $required ]
+    if [ $ram -lt $required ]; then
    then
        return 1
    else
        return 0
--- a/data/helpers.d/logging
+++ b/data/helpers.d/logging
@ -252,8 +252,7 @@ ynh_script_progression () {
    base_time=$(date +%s)
    # Compute $max_progression (if we didn't already)
-    if [ "$max_progression" = -1 ]
+    if [ "$max_progression" = -1 ]; then
    then
        # Get the number of occurrences of 'ynh_script_progression' in the script. Except those are commented.
        local helper_calls="$(grep --count "^[^#]*ynh_script_progression" $0)"
        # Get the number of call with a weight value
@ -265,7 +264,7 @@ ynh_script_progression () {
        local weight_valuesB="$(grep --perl-regexp "^[^#]*ynh_script_progression.*-w " $0 | sed 's/.*-w[= ]\([[:digit:]]*\).*/\1/g')"
        # Each value will be on a different line.
        # Remove each 'end of line' and replace it by a '+' to sum the values.
-        local weight_values=$(( $(echo "$weight_valuesA" | tr '\n' '+') + $(echo "$weight_valuesB" | tr '\n' '+') 0 ))
+        local weight_values=$(($(echo "$weight_valuesA" "$weight_valuesB" | grep -v -E '^\s*$' | tr '\n' '+' | sed 's/+$/+0/g')))
        # max_progression is a total number of calls to this helper.
        # 	Less the number of calls with a weight value.
@ -279,8 +278,7 @@ ynh_script_progression () {
    previous_weight=$weight
    # Reduce $increment_progression to the size of the scale
-    if [ $last -eq 0 ]
+    if [ $last -eq 0 ]; then
    then
        local effective_progression=$(($increment_progression * $progress_scale / $max_progression))
    # If last is specified, fill immediately the progression_bar
    else
@ -290,8 +288,7 @@ ynh_script_progression () {
    # Build $progression_bar from progress_string(0,1,2) according to $effective_progression and the weight of the current task
    # expected_progression is the progression expected after the current task
    local expected_progression="$((($increment_progression + $weight) * $progress_scale / $max_progression - $effective_progression))"
-    if [ $last -eq 1 ]
+    if [ $last -eq 1 ]; then
    then
        expected_progression=0
    fi
    # left_progression is the progression not yet done
@ -300,8 +297,7 @@ ynh_script_progression () {
    local progression_bar="${progress_string2:0:$effective_progression}${progress_string1:0:$expected_progression}${progress_string0:0:$left_progression}"
    local print_exec_time=""
-    if [ $time -eq 1 ]
+    if [ $time -eq 1 ]; then
    then
        print_exec_time=" [$(date +%Hh%Mm,%Ss --date="0 + $exec_time sec")]"
    fi
--- a/data/helpers.d/logrotate
+++ b/data/helpers.d/logrotate
@ -30,22 +30,18 @@ ynh_use_logrotate () {
    specific_user="${specific_user:-}"
    # LEGACY CODE - PRE GETOPTS
-    if [ $# -gt 0 ] && [ "$1" == "--non-append" ]
+    if [ $# -gt 0 ] && [ "$1" == "--non-append" ]; then
    then
        nonappend=1
        # Destroy this argument for the next command.
        shift
-    elif [ $# -gt 1 ] && [ "$2" == "--non-append" ]
+    elif [ $# -gt 1 ] && [ "$2" == "--non-append" ]; then
    then
        nonappend=1
    fi
-    if [ $# -gt 0 ] && [ "$(echo ${1:0:1})" != "-" ]
+    if [ $# -gt 0 ] && [ "$(echo ${1:0:1})" != "-" ]; then
    then
        # If the given logfile parameter already exists as a file, or if it ends up with ".log",
        # we just want to manage a single file
-        if [ -f "$1" ] || [ "$(echo ${1##*.})" == "log" ]
+        if [ -f "$1" ] || [ "$(echo ${1##*.})" == "log" ]; then
        then
            local logfile=$1
        # Otherwise we assume we want to manage a directory and all its .log file inside
        else
@ -58,8 +54,7 @@ ynh_use_logrotate () {
    if [ "$nonappend" -eq 1 ]; then
        customtee="tee"
    fi
-    if [ -n "$logfile" ]
+    if [ -n "$logfile" ]; then
    then
        if [ ! -f "$1" ] && [ "$(echo ${logfile##*.})" != "log" ]; then # Keep only the extension to check if it's a logfile
            local logfile="$logfile/*.log"                              # Else, uses the directory and all logfile into it.
        fi
@ -67,8 +62,7 @@ ynh_use_logrotate () {
        logfile="/var/log/${app}/*.log" # Without argument, use a defaut directory in /var/log
    fi
    local su_directive=""
-    if [[ -n $specific_user ]]
+    if [[ -n $specific_user ]]; then
    then
        su_directive="	# Run logorotate as specific user - group
    su ${specific_user%/*} ${specific_user#*/}"
    fi
@ -101,7 +95,6 @@ EOF
        chown $app:$app "$logfile"
        chmod o-rwx "$logfile"
    fi
 }
 # Remove the app's logrotate config.
--- a/data/helpers.d/multimedia
+++ b/data/helpers.d/multimedia
@ -22,8 +22,7 @@ ynh_multimedia_build_main_dir() {
    mkdir -p "$MEDIA_DIRECTORY/share/eBook"
    ## Création des dossiers utilisateurs
-    for user in $(yunohost user list --output-as json | jq -r '.users | keys[]')
+    for user in $(yunohost user list --output-as json | jq -r '.users | keys[]'); do
    do
        mkdir -p "$MEDIA_DIRECTORY/$user"
        mkdir -p "$MEDIA_DIRECTORY/$user/Music"
        mkdir -p "$MEDIA_DIRECTORY/$user/Picture"
--- a/data/helpers.d/mysql
+++ b/data/helpers.d/mysql
@ -43,8 +43,7 @@ ynh_mysql_execute_as_root() {
    ynh_handle_getopts_args "$@"
    database="${database:-}"
-    if [ -n "$database" ]
+    if [ -n "$database" ]; then
    then
        database="--database=$database"
    fi
@ -68,8 +67,7 @@ ynh_mysql_execute_file_as_root() {
    ynh_handle_getopts_args "$@"
    database="${database:-}"
-    if [ -n "$database" ]
+    if [ -n "$database" ]; then
    then
        database="--database=$database"
    fi
@ -92,8 +90,7 @@ ynh_mysql_create_db() {
    local sql="CREATE DATABASE ${db};"
    # grant all privilegies to user
-    if [[ $# -gt 1 ]]
+    if [[ $# -gt 1 ]]; then
    then
        sql+=" GRANT ALL PRIVILEGES ON ${db}.* TO '${2}'@'localhost'"
        if [[ -n ${3:-} ]]; then
            sql+=" IDENTIFIED BY '${3}'"
@ -160,8 +157,7 @@ ynh_mysql_create_user() {
 # | ret: 0 if the user exists, 1 otherwise.
 #
 # Requires YunoHost version 2.2.4 or higher.
-ynh_mysql_user_exists()
+ynh_mysql_user_exists() {
 {
    # Declare an array to define the options of this helper.
    local legacy_args=u
    local -A args_array=([u]=user=)
@ -169,8 +165,7 @@ ynh_mysql_user_exists()
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"
-    if [[ -z $(ynh_mysql_execute_as_root --sql="SELECT User from mysql.user WHERE User = '$user';") ]]
+    if [[ -z $(ynh_mysql_execute_as_root --sql="SELECT User from mysql.user WHERE User = '$user';") ]]; then
    then
        return 1
    else
        return 0
--- a/data/helpers.d/network
+++ b/data/helpers.d/network
@ -18,8 +18,7 @@ ynh_find_port () {
    ynh_handle_getopts_args "$@"
    test -n "$port" || ynh_die --message="The argument of ynh_find_port must be a valid port."
-    while ! ynh_port_available --port=$port
+    while ! ynh_port_available --port=$port; do
    do
        port=$((port + 1))
    done
    echo $port
@ -43,19 +42,16 @@ ynh_port_available () {
    ynh_handle_getopts_args "$@"
    # Check if the port is free
-    if ss --numeric --listening --tcp --udp | awk '{print$5}' | grep --quiet --extended-regexp ":$port$"
+    if ss --numeric --listening --tcp --udp | awk '{print$5}' | grep --quiet --extended-regexp ":$port$"; then
    then
        return 1
    # This is to cover (most) case where an app is using a port yet ain't currently using it for some reason (typically service ain't up)
-    elif grep -q "port: '$port'" /etc/yunohost/apps/*/settings.yml
+    elif grep -q "port: '$port'" /etc/yunohost/apps/*/settings.yml; then
    then
        return 1
    else
        return 0
    fi
 }
 # Validate an IP address
 #
 # [internal]
@ -66,8 +62,7 @@ ynh_port_available () {
 # example: ynh_validate_ip 4 111.222.333.444
 #
 # Requires YunoHost version 2.2.4 or higher.
-ynh_validate_ip()
+ynh_validate_ip() {
 {
    # http://stackoverflow.com/questions/319279/how-to-validate-ip-address-in-python#319298
    # Declare an array to define the options of this helper.
@ -101,8 +96,7 @@ EOF
 # example: ynh_validate_ip4 111.222.333.444
 #
 # Requires YunoHost version 2.2.4 or higher.
-ynh_validate_ip4()
+ynh_validate_ip4() {
 {
    # Declare an array to define the options of this helper.
    local legacy_args=i
    local -A args_array=([i]=ip_address=)
@ -113,7 +107,6 @@ ynh_validate_ip4()
    ynh_validate_ip --family=4 --ip_address=$ip_address
 }
 # Validate an IPv6 address
 #
 # usage: ynh_validate_ip6 --ip_address=ip_address
@ -123,8 +116,7 @@ ynh_validate_ip4()
 # example: ynh_validate_ip6 2000:dead:beef::1
 #
 # Requires YunoHost version 2.2.4 or higher.
-ynh_validate_ip6()
+ynh_validate_ip6() {
 {
    # Declare an array to define the options of this helper.
    local legacy_args=i
    local -A args_array=([i]=ip_address=)
--- a/data/helpers.d/nginx
+++ b/data/helpers.d/nginx
@ -20,8 +20,7 @@ ynh_add_nginx_config () {
    local finalnginxconf="/etc/nginx/conf.d/$domain.d/$app.conf"
-    if [ "${path_url:-}" != "/" ]
+    if [ "${path_url:-}" != "/" ]; then
    then
        ynh_replace_string --match_string="^#sub_path_only" --replace_string="" --target_file="$YNH_APP_BASEDIR/conf/nginx.conf"
    else
        ynh_replace_string --match_string="^#root_path_only" --replace_string="" --target_file="$YNH_APP_BASEDIR/conf/nginx.conf"
@ -29,7 +28,6 @@ ynh_add_nginx_config () {
    ynh_add_config --template="$YNH_APP_BASEDIR/conf/nginx.conf" --destination="$finalnginxconf"
    ynh_systemd_action --service_name=nginx --action=reload
 }
--- a/data/helpers.d/nodejs
+++ b/data/helpers.d/nodejs
@ -21,8 +21,10 @@ SOURCE_SUM=d4da7ea91f680de0c9b5876e097e2a793e8234fcd0f7ca87a0599b925be087a3" > "
    # Download and extract n
    ynh_setup_source --dest_dir="$n_install_dir/git" --source_id=n
    # Install n
-    (cd "$n_install_dir/git"
+    (
-    PREFIX=$N_PREFIX make install 2>&1)
+        cd "$n_install_dir/git"
        PREFIX=$N_PREFIX make install 2>&1
    )
 }
 # Load the version of node for an app, and set variables.
@ -132,11 +134,9 @@ ynh_install_nodejs () {
    test -x /usr/bin/npm && mv /usr/bin/npm /usr/bin/npm_n
    # If n is not previously setup, install it
-    if ! $n_install_dir/bin/n --version > /dev/null 2>&1
+    if ! $n_install_dir/bin/n --version >/dev/null 2>&1; then
    then
        ynh_install_n
-    elif dpkg --compare-versions "$($n_install_dir/bin/n --version)" lt $n_version
+    elif dpkg --compare-versions "$($n_install_dir/bin/n --version)" lt $n_version; then
    then
        ynh_install_n
    fi
@ -152,8 +152,7 @@ ynh_install_nodejs () {
    # Install the requested version of nodejs
    uname=$(uname --machine)
-    if [[ $uname =~ aarch64 || $uname =~ arm64 ]]
+    if [[ $uname =~ aarch64 || $uname =~ arm64 ]]; then
    then
        n $nodejs_version --arch=arm64
    else
        n $nodejs_version
@ -164,8 +163,7 @@ ynh_install_nodejs () {
    real_nodejs_version=$(basename $real_nodejs_version)
    # Create a symbolic link for this major version if the file doesn't already exist
-    if [ ! -e "$node_version_path/$nodejs_version" ]
+    if [ ! -e "$node_version_path/$nodejs_version" ]; then
    then
        ln --symbolic --force --no-target-directory $node_version_path/$real_nodejs_version $node_version_path/$nodejs_version
    fi
@ -197,14 +195,12 @@ ynh_remove_nodejs () {
    sed --in-place "/$YNH_APP_INSTANCE_NAME:$nodejs_version/d" "$n_install_dir/ynh_app_version"
    # If no other app uses this version of nodejs, remove it.
-    if ! grep --quiet "$nodejs_version" "$n_install_dir/ynh_app_version"
+    if ! grep --quiet "$nodejs_version" "$n_install_dir/ynh_app_version"; then
    then
        $n_install_dir/bin/n rm $nodejs_version
    fi
    # If no other app uses n, remove n
-    if [ ! -s "$n_install_dir/ynh_app_version" ]
+    if [ ! -s "$n_install_dir/ynh_app_version" ]; then
    then
        ynh_secure_remove --file="$n_install_dir"
        ynh_secure_remove --file="/usr/local/n"
        sed --in-place "/N_PREFIX/d" /root/.bashrc
--- a/data/helpers.d/permission
+++ b/data/helpers.d/permission
@ -84,13 +84,11 @@ ynh_permission_create() {
    show_tile=${show_tile:-}
    protected=${protected:-}
-    if [[ -n $url ]]
+    if [[ -n $url ]]; then
    then
        url=",url='$url'"
    fi
-    if [[ -n $additional_urls ]]
+    if [[ -n $additional_urls ]]; then
    then
        # Convert a list from getopts to python list
        # Note that getopts separate the args with ';'
        # By example:
@ -100,18 +98,15 @@ ynh_permission_create() {
        additional_urls=",additional_urls=['${additional_urls//;/\',\'}']"
    fi
-    if [[ -n $auth_header ]]
+    if [[ -n $auth_header ]]; then
-    then
+        if [ $auth_header == "true" ]; then
        if [ $auth_header == "true" ]
        then
            auth_header=",auth_header=True"
        else
            auth_header=",auth_header=False"
        fi
    fi
-    if [[ -n $allowed ]]
+    if [[ -n $allowed ]]; then
    then
        # Convert a list from getopts to python list
        # Note that getopts separate the args with ';'
        # By example:
@ -127,20 +122,16 @@ ynh_permission_create() {
        label=",label='$permission'"
    fi
-    if [[ -n ${show_tile:-} ]]
+    if [[ -n ${show_tile:-} ]]; then
-    then
+        if [ $show_tile == "true" ]; then
        if [ $show_tile == "true" ]
        then
            show_tile=",show_tile=True"
        else
            show_tile=",show_tile=False"
        fi
    fi
-    if [[ -n ${protected:-} ]]
+    if [[ -n ${protected:-} ]]; then
-    then
+        if [ $protected == "true" ]; then
        if [ $protected == "true" ]
        then
            protected=",protected=True"
        else
            protected=",protected=False"
@ -215,13 +206,11 @@ ynh_permission_url() {
    auth_header=${auth_header:-}
    clear_urls=${clear_urls:-}
-    if [[ -n $url ]]
+    if [[ -n $url ]]; then
    then
        url=",url='$url'"
    fi
-    if [[ -n $add_url ]]
+    if [[ -n $add_url ]]; then
    then
        # Convert a list from getopts to python list
        # Note that getopts separate the args with ';'
        # For example:
@ -231,8 +220,7 @@ ynh_permission_url() {
        add_url=",add_url=['${add_url//;/\',\'}']"
    fi
-    if [[ -n $remove_url ]]
+    if [[ -n $remove_url ]]; then
    then
        # Convert a list from getopts to python list
        # Note that getopts separate the args with ';'
        # For example:
@ -242,25 +230,21 @@ ynh_permission_url() {
        remove_url=",remove_url=['${remove_url//;/\',\'}']"
    fi
-    if [[ -n $auth_header ]]
+    if [[ -n $auth_header ]]; then
-    then
+        if [ $auth_header == "true" ]; then
        if [ $auth_header == "true" ]
        then
            auth_header=",auth_header=True"
        else
            auth_header=",auth_header=False"
        fi
    fi
-    if [[ -n $clear_urls ]] && [ $clear_urls -eq 1 ]
+    if [[ -n $clear_urls ]] && [ $clear_urls -eq 1 ]; then
    then
        clear_urls=",clear_urls=True"
    fi
    yunohost tools shell -c "from yunohost.permission import permission_url; permission_url('$app.$permission' $url $add_url $remove_url $auth_header $clear_urls)"
 }
 # Update a permission for the app
 #
 # usage: ynh_permission_update --permission "permission" [--add="group" ["group" ...]] [--remove="group" ["group" ...]]
@ -290,8 +274,7 @@ ynh_permission_update() {
    show_tile=${show_tile:-}
    protected=${protected:-}
-    if [[ -n $add ]]
+    if [[ -n $add ]]; then
    then
        # Convert a list from getopts to python list
        # Note that getopts separate the args with ';'
        # For example:
@ -300,8 +283,7 @@ ynh_permission_update() {
        # add=['alice', 'bob']
        add=",add=['${add//';'/"','"}']"
    fi
-    if [[ -n $remove ]]
+    if [[ -n $remove ]]; then
    then
        # Convert a list from getopts to python list
        # Note that getopts separate the args with ';'
        # For example:
@ -311,15 +293,12 @@ ynh_permission_update() {
        remove=",remove=['${remove//';'/"','"}']"
    fi
-    if [[ -n $label ]]
+    if [[ -n $label ]]; then
    then
        label=",label='$label'"
    fi
-    if [[ -n $show_tile ]]
+    if [[ -n $show_tile ]]; then
-    then
+        if [ $show_tile == "true" ]; then
        if [ $show_tile == "true" ]
        then
            show_tile=",show_tile=True"
        else
            show_tile=",show_tile=False"
@ -327,8 +306,7 @@ ynh_permission_update() {
    fi
    if [[ -n $protected ]]; then
-        if [ $protected == "true" ]
+        if [ $protected == "true" ]; then
        then
            protected=",protected=True"
        else
            protected=",protected=False"
@ -357,17 +335,14 @@ ynh_permission_has_user() {
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"
-    if ! ynh_permission_exists --permission=$permission
+    if ! ynh_permission_exists --permission=$permission; then
    then
        return 1
    fi
    # Check both allowed and corresponding_users sections in the json
-    for section in "allowed" "corresponding_users"
+    for section in "allowed" "corresponding_users"; do
    do
        if yunohost user permission info "$app.$permission" --output-as json --quiet \
-            | jq -e --arg user $user --arg section $section '.[$section] | index($user)' >/dev/null
+            | jq -e --arg user $user --arg section $section '.[$section] | index($user)' >/dev/null; then
        then
            return 0
        fi
    done
@ -382,8 +357,7 @@ ynh_permission_has_user() {
 #
 # Requires YunoHost version 4.1.2 or higher.
 ynh_legacy_permissions_exists() {
-    for permission in "skipped" "unprotected" "protected"
+    for permission in "skipped" "unprotected" "protected"; do
    do
        if ynh_permission_exists --permission="legacy_${permission}_uris"; then
            return 0
        fi
@ -403,8 +377,7 @@ ynh_legacy_permissions_exists () {
 #   fi
 # Requires YunoHost version 4.1.2 or higher.
 ynh_legacy_permissions_delete_all() {
-    for permission in "skipped" "unprotected" "protected"
+    for permission in "skipped" "unprotected" "protected"; do
    do
        if ynh_permission_exists --permission="legacy_${permission}_uris"; then
            ynh_permission_delete --permission="legacy_${permission}_uris"
        fi
--- a/data/helpers.d/php
+++ b/data/helpers.d/php
@ -86,8 +86,7 @@ ynh_add_fpm_config () {
    local old_phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
    # If the PHP version changed, remove the old fpm conf
-    if [ -n "$old_phpversion" ] && [ "$old_phpversion" != "$phpversion" ]
+    if [ -n "$old_phpversion" ] && [ "$old_phpversion" != "$phpversion" ]; then
    then
        local old_php_fpm_config_dir=$(ynh_app_setting_get --app=$app --key=fpm_config_dir)
        local old_php_finalphpconf="$old_php_fpm_config_dir/pool.d/$app.conf"
@ -97,25 +96,21 @@ ynh_add_fpm_config () {
    fi
    # If the requested PHP version is not the default version for YunoHost
-    if [ "$phpversion" != "$YNH_DEFAULT_PHP_VERSION" ]
+    if [ "$phpversion" != "$YNH_DEFAULT_PHP_VERSION" ]; then
    then
        # If the argument --package is used, add the packages to ynh_install_php to install them from sury
-        if [ -n "$package" ]
+        if [ -n "$package" ]; then
        then
            local additionnal_packages="--package=$package"
        else
            local additionnal_packages=""
        fi
        # Install this specific version of PHP.
        ynh_install_php --phpversion="$phpversion" "$additionnal_packages"
-    elif [ -n "$package" ]
+    elif [ -n "$package" ]; then
    then
        # Install the additionnal packages from the default repository
        ynh_install_app_dependencies "$package"
    fi
-    if [ $dedicated_service -eq 1 ]
+    if [ $dedicated_service -eq 1 ]; then
    then
        local fpm_service="${app}-phpfpm"
        local fpm_config_dir="/etc/php/$phpversion/dedicated-fpm"
    else
@ -132,12 +127,10 @@ ynh_add_fpm_config () {
    ynh_app_setting_set --app=$app --key=phpversion --value=$phpversion
    # Migrate from mutual PHP service to dedicated one.
-    if [ $dedicated_service -eq 1 ]
+    if [ $dedicated_service -eq 1 ]; then
    then
        local old_fpm_config_dir="/etc/php/$phpversion/fpm"
        # If a config file exist in the common pool, move it.
-        if [ -e "$old_fpm_config_dir/pool.d/$app.conf" ]
+        if [ -e "$old_fpm_config_dir/pool.d/$app.conf" ]; then
        then
            ynh_print_info --message="Migrate to a dedicated php-fpm service for $app."
            # Create a backup of the old file before migration
            ynh_backup_if_checksum_is_different --file="$old_fpm_config_dir/pool.d/$app.conf"
@ -148,8 +141,7 @@ ynh_add_fpm_config () {
        fi
    fi
-    if [ $use_template -eq 1 ]
+    if [ $use_template -eq 1 ]; then
    then
        # Usage 1, use the template in conf/php-fpm.conf
        local phpfpm_path="$YNH_APP_BASEDIR/conf/php-fpm.conf"
        # Make sure now that the template indeed exists
@ -183,16 +175,14 @@ pm.max_requests = 500
 request_terminate_timeout = 1d
 " >$phpfpm_path
-        if [ "$php_pm" = "dynamic" ]
+        if [ "$php_pm" = "dynamic" ]; then
        then
            echo "
 pm.start_servers = __PHP_START_SERVERS__
 pm.min_spare_servers = __PHP_MIN_SPARE_SERVERS__
 pm.max_spare_servers = __PHP_MAX_SPARE_SERVERS__
 " >>$phpfpm_path
-        elif [ "$php_pm" = "ondemand" ]
+        elif [ "$php_pm" = "ondemand" ]; then
        then
            echo "
 pm.process_idle_timeout = 10s
 " >>$phpfpm_path
@ -207,14 +197,12 @@ pm.process_idle_timeout = 10s
    local finalphpconf="$fpm_config_dir/pool.d/$app.conf"
    ynh_add_config --template="$phpfpm_path" --destination="$finalphpconf"
-    if [ -e "$YNH_APP_BASEDIR/conf/php-fpm.ini" ]
+    if [ -e "$YNH_APP_BASEDIR/conf/php-fpm.ini" ]; then
    then
        ynh_print_warn --message="Packagers ! Please do not use a separate php ini file, merge your directives in the pool file instead."
        ynh_add_config --template="$YNH_APP_BASEDIR/conf/php-fpm.ini" --destination="$fpm_config_dir/conf.d/20-$app.ini"
    fi
-    if [ $dedicated_service -eq 1 ]
+    if [ $dedicated_service -eq 1 ]; then
    then
        # Create a dedicated php-fpm.conf for the service
        local globalphpconf=$fpm_config_dir/php-fpm-$app.conf
@ -252,8 +240,7 @@ WantedBy=multi-user.target
        ynh_systemd_action --service_name=$fpm_service --action=restart
    else
        # Validate that the new php conf doesn't break php-fpm entirely
-        if ! php-fpm${phpversion} --test 2>/dev/null
+        if ! php-fpm${phpversion} --test 2>/dev/null; then
        then
            php-fpm${phpversion} --test || true
            ynh_secure_remove --file="$finalphpconf"
            ynh_die --message="The new configuration broke php-fpm?"
@ -279,20 +266,17 @@ ynh_remove_fpm_config () {
    phpversion="${phpversion:-$YNH_DEFAULT_PHP_VERSION}"
    # Assume default PHP files if not set
-    if [ -z "$fpm_config_dir" ]
+    if [ -z "$fpm_config_dir" ]; then
    then
        fpm_config_dir="/etc/php/$YNH_DEFAULT_PHP_VERSION/fpm"
        fpm_service="php$YNH_DEFAULT_PHP_VERSION-fpm"
    fi
    ynh_secure_remove --file="$fpm_config_dir/pool.d/$app.conf"
-    if [ -e $fpm_config_dir/conf.d/20-$app.ini ]
+    if [ -e $fpm_config_dir/conf.d/20-$app.ini ]; then
    then
        ynh_secure_remove --file="$fpm_config_dir/conf.d/20-$app.ini"
    fi
-    if [ $dedicated_service -eq 1 ]
+    if [ $dedicated_service -eq 1 ]; then
    then
        # Remove the dedicated service PHP-FPM service for the app
        ynh_remove_systemd_config --service=$fpm_service
        # Remove the global PHP-FPM conf
@ -304,8 +288,7 @@ ynh_remove_fpm_config () {
    fi
    # If the PHP version used is not the default version for YunoHost
-    if [ "$phpversion" != "$YNH_DEFAULT_PHP_VERSION" ]
+    if [ "$phpversion" != "$YNH_DEFAULT_PHP_VERSION" ]; then
    then
        # Remove this specific version of PHP
        ynh_remove_php
    fi
@ -330,8 +313,7 @@ ynh_install_php () {
    ynh_handle_getopts_args "$@"
    package=${package:-}
-    if [ "$phpversion" == "$YNH_DEFAULT_PHP_VERSION" ]
+    if [ "$phpversion" == "$YNH_DEFAULT_PHP_VERSION" ]; then
    then
        ynh_die --message="Do not use ynh_install_php to install php$YNH_DEFAULT_PHP_VERSION"
    fi
@ -383,38 +365,30 @@ ynh_get_scalable_phpfpm () {
    usage=${usage,,}
    print=${print:-0}
-    if [ "$footprint" = "low" ]
+    if [ "$footprint" = "low" ]; then
    then
        footprint=20
-    elif [ "$footprint" = "medium" ]
+    elif [ "$footprint" = "medium" ]; then
    then
        footprint=35
-    elif [ "$footprint" = "high" ]
+    elif [ "$footprint" = "high" ]; then
    then
        footprint=50
    fi
    # Define the factor to determine min_spare_servers
    # to avoid having too few children ready to start for heavy apps
-    if [ $footprint -le 20 ]
+    if [ $footprint -le 20 ]; then
    then
        min_spare_servers_factor=8
-    elif [ $footprint -le 35 ]
+    elif [ $footprint -le 35 ]; then
    then
        min_spare_servers_factor=5
    else
        min_spare_servers_factor=3
    fi
    # Define the way the process manager handle child processes.
-    if [ "$usage" = "low" ]
+    if [ "$usage" = "low" ]; then
    then
        php_pm=ondemand
-    elif [ "$usage" = "medium" ]
+    elif [ "$usage" = "medium" ]; then
    then
        php_pm=dynamic
-    elif [ "$usage" = "high" ]
+    elif [ "$usage" = "high" ]; then
    then
        php_pm=static
    else
        ynh_die --message="Does not recognize '$usage' as an usage value."
@ -425,8 +399,7 @@ ynh_get_scalable_phpfpm () {
    at_least_one() {
        # Do not allow value below 1
-        if [ $1 -le 0 ]
+        if [ $1 -le 0 ]; then
        then
            echo 1
        else
            echo $1
@ -439,8 +412,7 @@ ynh_get_scalable_phpfpm () {
    php_max_children=$(($max_ram / 2 / $footprint))
    # If process manager is set as static, use half less children.
    # Used as static, there's always as many children as the value of pm.max_children
-    if [ "$php_pm" = "static" ]
+    if [ "$php_pm" = "static" ]; then
    then
        php_max_children=$(($php_max_children / 2))
    fi
    php_max_children=$(at_least_one $php_max_children)
@ -448,8 +420,7 @@ ynh_get_scalable_phpfpm () {
    # To not overload the proc, limit the number of children to 4 times the number of cores.
    local core_number=$(nproc)
    local max_proc=$(($core_number * 4))
-    if [ $php_max_children -gt $max_proc ]
+    if [ $php_max_children -gt $max_proc ]; then
    then
        php_max_children=$max_proc
    fi
@ -459,8 +430,7 @@ ynh_get_scalable_phpfpm () {
        php_max_children=$php_forced_max_children
    fi
-    if [ "$php_pm" = "dynamic" ]
+    if [ "$php_pm" = "dynamic" ]; then
    then
        # Define pm.start_servers, pm.min_spare_servers and pm.max_spare_servers for a dynamic process manager
        php_min_spare_servers=$(($php_max_children / $min_spare_servers_factor))
        php_min_spare_servers=$(at_least_one $php_min_spare_servers)
@ -476,27 +446,22 @@ ynh_get_scalable_phpfpm () {
        php_start_servers=0
    fi
-    if [ $print -eq 1 ]
+    if [ $print -eq 1 ]; then
    then
        ynh_print_warn --message="Footprint=${footprint}Mb by pool."
        ynh_print_warn --message="Process manager=$php_pm"
        ynh_print_warn --message="Max RAM=${max_ram}Mb"
-        if [ "$php_pm" != "static" ]
+        if [ "$php_pm" != "static" ]; then
        then
            ynh_print_warn --message="\nMax estimated footprint=$(($php_max_children * $footprint))"
            ynh_print_warn --message="Min estimated footprint=$(($php_min_spare_servers * $footprint))"
        fi
-        if [ "$php_pm" = "dynamic" ]
+        if [ "$php_pm" = "dynamic" ]; then
        then
            ynh_print_warn --message="Estimated average footprint=$(($php_max_spare_servers * $footprint))"
-        elif [ "$php_pm" = "static" ]
+        elif [ "$php_pm" = "static" ]; then
        then
            ynh_print_warn --message="Estimated footprint=$(($php_max_children * $footprint))"
        fi
        ynh_print_warn --message="\nRaw php-fpm values:"
        ynh_print_warn --message="pm.max_children = $php_max_children"
-        if [ "$php_pm" = "dynamic" ]
+        if [ "$php_pm" = "dynamic" ]; then
        then
            ynh_print_warn --message="pm.start_servers = $php_start_servers"
            ynh_print_warn --message="pm.min_spare_servers = $php_min_spare_servers"
            ynh_print_warn --message="pm.max_spare_servers = $php_max_spare_servers"
--- a/data/helpers.d/postgresql
+++ b/data/helpers.d/postgresql
@ -46,8 +46,7 @@ ynh_psql_execute_as_root() {
    ynh_handle_getopts_args "$@"
    database="${database:-}"
-    if [ -n "$database" ]
+    if [ -n "$database" ]; then
    then
        database="--database=$database"
    fi
@ -72,8 +71,7 @@ ynh_psql_execute_file_as_root() {
    ynh_handle_getopts_args "$@"
    database="${database:-}"
-    if [ -n "$database" ]
+    if [ -n "$database" ]; then
    then
        database="--database=$database"
    fi
@ -175,8 +173,7 @@ ynh_psql_user_exists() {
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"
-    if ! sudo --login --user=postgres PGUSER="postgres" PGPASSWORD="$(cat $PSQL_ROOT_PWD_FILE)" psql -tAc "SELECT rolname FROM pg_roles WHERE rolname='$user';" | grep --quiet "$user"
+    if ! sudo --login --user=postgres PGUSER="postgres" PGPASSWORD="$(cat $PSQL_ROOT_PWD_FILE)" psql -tAc "SELECT rolname FROM pg_roles WHERE rolname='$user';" | grep --quiet "$user"; then
    then
        return 1
    else
        return 0
@ -198,8 +195,7 @@ ynh_psql_database_exists() {
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"
-    if ! sudo --login --user=postgres PGUSER="postgres" PGPASSWORD="$(cat $PSQL_ROOT_PWD_FILE)" psql -tAc "SELECT datname FROM pg_database WHERE datname='$database';" | grep --quiet "$database"
+    if ! sudo --login --user=postgres PGUSER="postgres" PGPASSWORD="$(cat $PSQL_ROOT_PWD_FILE)" psql -tAc "SELECT datname FROM pg_database WHERE datname='$database';" | grep --quiet "$database"; then
    then
        return 1
    else
        return 0
@ -269,16 +265,14 @@ ynh_psql_remove_db() {
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"
-    if ynh_psql_database_exists --database=$db_name
+    if ynh_psql_database_exists --database=$db_name; then # Check if the database exists
    then # Check if the database exists
        ynh_psql_drop_db $db_name                         # Remove the database
    else
        ynh_print_warn --message="Database $db_name not found"
    fi
    # Remove psql user if it exists
-    if ynh_psql_user_exists --user=$db_user
+    if ynh_psql_user_exists --user=$db_user; then
    then
        ynh_psql_drop_user $db_user
    else
        ynh_print_warn --message="User $db_user not found"
@ -310,8 +304,7 @@ ynh_psql_test_if_first_run() {
    # If this is the very first time, we define the root password
    # and configure a few things
-    if [ ! -f "$PSQL_ROOT_PWD_FILE" ]
+    if [ ! -f "$PSQL_ROOT_PWD_FILE" ]; then
    then
        local pg_hba=/etc/postgresql/$PSQL_VERSION/main/pg_hba.conf
        local psql_root_password="$(ynh_string_random)"
--- a/data/helpers.d/setting
+++ b/data/helpers.d/setting
@ -76,8 +76,7 @@ ynh_app_setting_delete() {
 #
 # [internal]
 #
-ynh_app_setting()
+ynh_app_setting() {
 {
    set +o xtrace # set +x
    ACTION="$1" APP="$2" KEY="$3" VALUE="${4:-}" python3 - <<EOF
 import os, yaml, sys
--- a/data/helpers.d/systemd
+++ b/data/helpers.d/systemd
@ -49,8 +49,7 @@ ynh_remove_systemd_config () {
    local service="${service:-$app}"
    local finalsystemdconf="/etc/systemd/system/$service.service"
-    if [ -e "$finalsystemdconf" ]
+    if [ -e "$finalsystemdconf" ]; then
    then
        ynh_systemd_action --service_name=$service --action=stop
        systemctl disable $service --quiet
        ynh_secure_remove --file="$finalsystemdconf"
@ -89,18 +88,15 @@ ynh_systemd_action() {
    timeout=${timeout:-300}
    # Manage case of service already stopped
-    if [ "$action" == "stop" ] && ! systemctl is-active --quiet $service_name
+    if [ "$action" == "stop" ] && ! systemctl is-active --quiet $service_name; then
    then
        return 0
    fi
    # Start to read the log
-    if [[ -n "$line_match" ]]
+    if [[ -n "$line_match" ]]; then
    then
        local templog="$(mktemp)"
        # Following the starting of the app in its log
-        if [ "$log_path" == "systemd" ]
+        if [ "$log_path" == "systemd" ]; then
        then
            # Read the systemd journal
            journalctl --unit=$service_name --follow --since=-0 --quiet >"$templog" &
            # Get the PID of the journalctl command
@ -119,13 +115,11 @@ ynh_systemd_action() {
    fi
    # If the service fails to perform the action
-    if ! systemctl $action $service_name
+    if ! systemctl $action $service_name; then
    then
        # Show syslog for this service
        ynh_exec_err journalctl --quiet --no-hostname --no-pager --lines=$length --unit=$service_name
        # If a log is specified for this service, show also the content of this log
-        if [ -e "$log_path" ]
+        if [ -e "$log_path" ]; then
        then
            ynh_exec_err tail --lines=$length "$log_path"
        fi
        ynh_clean_check_starting
@ -133,15 +127,12 @@ ynh_systemd_action() {
    fi
    # Start the timeout and try to find line_match
-    if [[ -n "${line_match:-}" ]]
+    if [[ -n "${line_match:-}" ]]; then
    then
        set +x
        local i=0
-        for i in $(seq 1 $timeout)
+        for i in $(seq 1 $timeout); do
        do
            # Read the log until the sentence is found, that means the app finished to start. Or run until the timeout
-            if grep --extended-regexp --quiet "$line_match" "$templog"
+            if grep --extended-regexp --quiet "$line_match" "$templog"; then
            then
                ynh_print_info --message="The service $service_name has correctly executed the action ${action}."
                break
            fi
@ -154,13 +145,11 @@ ynh_systemd_action() {
        if [ $i -ge 3 ]; then
            echo "" >&2
        fi
-        if [ $i -eq $timeout ]
+        if [ $i -eq $timeout ]; then
        then
            ynh_print_warn --message="The service $service_name didn't fully executed the action ${action} before the timeout."
            ynh_print_warn --message="Please find here an extract of the end of the log of the service $service_name:"
            ynh_exec_warn journalctl --quiet --no-hostname --no-pager --lines=$length --unit=$service_name
-            if [ -e "$log_path" ]
+            if [ -e "$log_path" ]; then
            then
                ynh_print_warn --message="\-\-\-"
                ynh_exec_warn tail --lines=$length "$log_path"
            fi
@ -175,13 +164,11 @@ ynh_systemd_action() {
 #
 # Requires YunoHost version 3.5.0 or higher.
 ynh_clean_check_starting() {
-    if [ -n "${pid_tail:-}" ]
+    if [ -n "${pid_tail:-}" ]; then
    then
        # Stop the execution of tail.
        kill -SIGTERM $pid_tail 2>&1
    fi
-    if [ -n "${templog:-}" ]
+    if [ -n "${templog:-}" ]; then
    then
        ynh_secure_remove --file="$templog" 2>&1
    fi
 }
--- a/data/helpers.d/user
+++ b/data/helpers.d/user
@ -123,16 +123,14 @@ ynh_system_user_create () {
    home_dir="${home_dir:-}"
    groups="${groups:-}"
-    if ! ynh_system_user_exists "$username"	# Check if the user exists on the system
+    if ! ynh_system_user_exists "$username"; then # Check if the user exists on the system
-    then	# If the user doesn't exist
+        # If the user doesn't exist
-        if [ -n "$home_dir" ]
+        if [ -n "$home_dir" ]; then # If a home dir is mentioned
        then	# If a home dir is mentioned
            local user_home_dir="--home-dir $home_dir"
        else
            local user_home_dir="--no-create-home"
        fi
-        if [ $use_shell -eq 1 ]
+        if [ $use_shell -eq 1 ]; then # If we want a shell for the user
        then	# If we want a shell for the user
            local shell=""            # Use default shell
        else
            local shell="--shell /usr/sbin/nologin"
@ -141,8 +139,7 @@ ynh_system_user_create () {
    fi
    local group
-    for group in $groups
+    for group in $groups; do
    do
        usermod -a -G "$group" "$username"
    done
 }
@ -162,16 +159,14 @@ ynh_system_user_delete () {
    ynh_handle_getopts_args "$@"
    # Check if the user exists on the system
-    if ynh_system_user_exists "$username"
+    if ynh_system_user_exists "$username"; then
    then
        deluser $username
    else
        ynh_print_warn --message="The user $username was not found"
    fi
    # Check if the group exists on the system
-    if ynh_system_group_exists "$username"
+    if ynh_system_group_exists "$username"; then
    then
        delgroup $username
    fi
 }
--- a/data/helpers.d/utils
+++ b/data/helpers.d/utils
@ -133,15 +133,13 @@ ynh_setup_source () {
        src_filename="${source_id}.${src_format}"
    fi
    # (Unused?) mecanism where one can have the file in a special local cache to not have to download it...
    local local_src="/opt/yunohost-apps-src/${YNH_APP_ID}/${src_filename}"
    mkdir -p /var/cache/yunohost/download/${YNH_APP_ID}/
    src_filename="/var/cache/yunohost/download/${YNH_APP_ID}/${src_filename}"
-    if test -e "$local_src"
+    if test -e "$local_src"; then
    then
        cp $local_src $src_filename
    else
        [ -n "$src_url" ] || ynh_die "Couldn't parse SOURCE_URL from $src_file_path ?"
@ -162,15 +160,12 @@ ynh_setup_source () {
    # Keep files to be backup/restored at the end of the helper
    # Assuming $dest_dir already exists
    rm -rf /var/cache/yunohost/files_to_keep_during_setup_source/
-    if [ -n "$keep" ] && [ -e "$dest_dir" ]
+    if [ -n "$keep" ] && [ -e "$dest_dir" ]; then
    then
        local keep_dir=/var/cache/yunohost/files_to_keep_during_setup_source/${YNH_APP_ID}
        mkdir -p $keep_dir
        local stuff_to_keep
-        for stuff_to_keep in $keep
+        for stuff_to_keep in $keep; do
-        do
+            if [ -e "$dest_dir/$stuff_to_keep" ]; then
            if [ -e "$dest_dir/$stuff_to_keep" ]
            then
                mkdir --parents "$(dirname "$keep_dir/$stuff_to_keep")"
                cp --archive "$dest_dir/$stuff_to_keep" "$keep_dir/$stuff_to_keep"
            fi
@ -180,20 +175,16 @@ ynh_setup_source () {
    # Extract source into the app dir
    mkdir --parents "$dest_dir"
-    if [ -n "${final_path:-}" ] && [ "$dest_dir" == "$final_path" ]
+    if [ -n "${final_path:-}" ] && [ "$dest_dir" == "$final_path" ]; then
    then
        _ynh_apply_default_permissions $dest_dir
    fi
-    if ! "$src_extract"
+    if ! "$src_extract"; then
    then
        mv $src_filename $dest_dir
-    elif [ "$src_format" = "zip" ]
+    elif [ "$src_format" = "zip" ]; then
    then
        # Zip format
        # Using of a temp directory, because unzip doesn't manage --strip-components
-        if $src_in_subdir
+        if $src_in_subdir; then
        then
            local tmp_dir=$(mktemp --directory)
            unzip -quo $src_filename -d "$tmp_dir"
            cp --archive $tmp_dir/*/. "$dest_dir"
@ -204,18 +195,15 @@ ynh_setup_source () {
        ynh_secure_remove --file="$src_filename"
    else
        local strip=""
-        if [ "$src_in_subdir" != "false" ]
+        if [ "$src_in_subdir" != "false" ]; then
-        then
+            if [ "$src_in_subdir" == "true" ]; then
            if [ "$src_in_subdir" == "true" ]
            then
                local sub_dirs=1
            else
                local sub_dirs="$src_in_subdir"
            fi
            strip="--strip-components $sub_dirs"
        fi
-        if [[ "$src_format" =~ ^tar.gz|tar.bz2|tar.xz$ ]]
+        if [[ "$src_format" =~ ^tar.gz|tar.bz2|tar.xz$ ]]; then
        then
            tar --extract --file=$src_filename --directory="$dest_dir" $strip
        else
            ynh_die --message="Archive format unrecognized."
@ -224,17 +212,16 @@ ynh_setup_source () {
    fi
    # Apply patches
-    if [ -d "$YNH_APP_BASEDIR/sources/patches/" ]
+    if [ -d "$YNH_APP_BASEDIR/sources/patches/" ]; then
    then
        local patches_folder=$(realpath $YNH_APP_BASEDIR/sources/patches/)
-        if (( $(find $patches_folder -type f -name "${source_id}-*.patch" 2> /dev/null | wc --lines) > "0" ))
+        if (($(find $patches_folder -type f -name "${source_id}-*.patch" 2>/dev/null | wc --lines) > "0")); then
-        then
+            (
-            (cd "$dest_dir"
+                cd "$dest_dir"
-            for p in $patches_folder/${source_id}-*.patch
+                for p in $patches_folder/${source_id}-*.patch; do
            do
                    echo $p
                    patch --strip=1 <$p
-            done) || ynh_die --message="Unable to apply patches"
+                done
            ) || ynh_die --message="Unable to apply patches"
        fi
    fi
@ -245,14 +232,11 @@ ynh_setup_source () {
    # Keep files to be backup/restored at the end of the helper
    # Assuming $dest_dir already exists
-    if [ -n "$keep" ]
+    if [ -n "$keep" ]; then
    then
        local keep_dir=/var/cache/yunohost/files_to_keep_during_setup_source/${YNH_APP_ID}
        local stuff_to_keep
-        for stuff_to_keep in $keep
+        for stuff_to_keep in $keep; do
-        do
+            if [ -e "$keep_dir/$stuff_to_keep" ]; then
            if [ -e "$keep_dir/$stuff_to_keep" ]
            then
                mkdir --parents "$(dirname "$dest_dir/$stuff_to_keep")"
                cp --archive "$keep_dir/$stuff_to_keep" "$dest_dir/$stuff_to_keep"
            fi
@ -290,12 +274,10 @@ ynh_local_curl () {
    # Concatenate all other arguments with '&' to prepare POST data
    local POST_data=""
    local arg=""
-    for arg in "${@:2}"
+    for arg in "${@:2}"; do
    do
        POST_data="${POST_data}${arg}&"
    done
-    if [ -n "$POST_data" ]
+    if [ -n "$POST_data" ]; then
    then
        # Add --data arg and remove the last character, which is an unecessary '&'
        POST_data="--data ${POST_data::-1}"
    fi
@ -423,8 +405,7 @@ ynh_replace_vars () {
    ynh_handle_getopts_args "$@"
    # Replace specific YunoHost variables
-    if test -n "${path_url:-}"
+    if test -n "${path_url:-}"; then
    then
        # path_url_slash_less is path_url, or a blank value if path_url is only '/'
        local path_url_slash_less=${path_url%/}
        ynh_replace_string --match_string="__PATH__/" --replace_string="$path_url_slash_less/" --target_file="$file"
@ -452,8 +433,7 @@ ynh_replace_vars () {
    # Do the replacement
    local delimit=@
-    for one_var in "${uniques_vars[@]}"
+    for one_var in "${uniques_vars[@]}"; do
    do
        # Validate that one_var is indeed defined
        # -v checks if the variable is defined, for example:
        #     -v FOO  tests if $FOO is defined
@ -523,11 +503,9 @@ ynh_read_var_in_file() {
    # Get the line number after which we search for the variable
    local line_number=1
-    if [[ -n "$after" ]];
+    if [[ -n "$after" ]]; then
    then
        line_number=$(grep -n $after $file | cut -d: -f1)
-        if [[ -z "$line_number" ]];
+        if [[ -z "$line_number" ]]; then
        then
            set -o xtrace # set -x
            return 1
        fi
@ -564,7 +542,7 @@ ynh_read_var_in_file() {
    fi
    # Remove comments if needed
-    local expression="$(echo "$expression_with_comment" | sed "s@$comments[^$string]*\$@@g" | sed "s@\s*[$endline]*\s*]*\$@@")"
+    local expression="$(echo "$expression_with_comment" | sed "s@${comments}[^$string]*\$@@g" | sed "s@\s*[$endline]*\s*]*\$@@")"
    local first_char="${expression:0:1}"
    if [[ "$first_char" == '"' ]]; then
@ -603,11 +581,9 @@ ynh_write_var_in_file() {
    # Get the line number after which we search for the variable
    local line_number=1
-    if [[ -n "$after" ]];
+    if [[ -n "$after" ]]; then
    then
        line_number=$(grep -n $after $file | cut -d: -f1)
-        if [[ -z "$line_number" ]];
+        if [[ -z "$line_number" ]]; then
        then
            set -o xtrace # set -x
            return 1
        fi
@ -644,7 +620,7 @@ ynh_write_var_in_file() {
    fi
    # Remove comments if needed
-    local expression="$(echo "$expression_with_comment" | sed "s@$comments[^$string]*\$@@g" | sed "s@\s*[$endline]*\s*]*\$@@")"
+    local expression="$(echo "$expression_with_comment" | sed "s@${comments}[^$string]*\$@@g" | sed "s@\s*[$endline]*\s*]*\$@@")"
    endline=${expression_with_comment#"$expression"}
    endline="$(echo "$endline" | sed 's/\\/\\\\/g')"
    value="$(echo "$value" | sed 's/\\/\\\\/g')"
@ -673,7 +649,6 @@ ynh_write_var_in_file() {
    set -o xtrace # set -x
 }
 # Render templates with Jinja2
 #
 # [internal]
@ -724,6 +699,28 @@ properly with chmod/chown."
    echo $TMP_DIR
 }
 _acceptable_path_to_delete() {
    local file=$1
    local forbidden_paths=$(ls -d / /* /{var,home,usr}/* /etc/{default,sudoers.d,yunohost,cron*})
    # Legacy : A couple apps still have data in /home/$app ...
    if [[ -n "$app" ]]
    then
        forbidden_paths=$(echo "$forbidden_paths" | grep -v "/home/$app")
    fi
    # Use realpath to normalize the path ..
    # i.e convert ///foo//bar//..///baz//// to /foo/baz
    file=$(realpath --no-symlinks "$file")
    if [ -z "$file" ] || grep -q -x -F "$file" <<< "$forbidden_paths"; then
        return 1
    else
        return 0
    fi
 }
 # Remove a file or a directory securely
 #
 # usage: ynh_secure_remove --file=path_to_remove
@ -739,31 +736,18 @@ ynh_secure_remove () {
    ynh_handle_getopts_args "$@"
    set +o xtrace # set +x
-    local forbidden_path=" \
+    if [ $# -ge 2 ]; then
    /var/www \
    /home/yunohost.app"
    if [ $# -ge 2 ]
    then
        ynh_print_warn --message="/!\ Packager ! You provided more than one argument to ynh_secure_remove but it will be ignored... Use this helper with one argument at time."
    fi
-    if [[ -z "$file" ]]
+    if [[ -z "$file" ]]; then
    then
        ynh_print_warn --message="ynh_secure_remove called with empty argument, ignoring."
-    elif [[ "$forbidden_path" =~ "$file" \
+    elif [[ ! -e $file ]]; then
        # Match all paths or subpaths in $forbidden_path
        || "$file" =~ ^/[[:alnum:]]+$ \
        # Match all first level paths from / (Like /var, /root, etc...)
        || "${file:${#file}-1}" = "/" ]]
        # Match if the path finishes by /. Because it seems there is an empty variable
    then
        ynh_print_warn --message="Not deleting '$file' because it is not an acceptable path to delete."
    elif [ -e "$file" ]
    then
        rm --recursive "$file"
    else
        ynh_print_info --message="'$file' wasn't deleted because it doesn't exist."
    elif ! _acceptable_path_to_delete "$file"; then
        ynh_print_warn --message="Not deleting '$file' because it is not an acceptable path to delete."
    else
        rm --recursive "$file"
    fi
    set -o xtrace # set -x
@ -776,26 +760,22 @@ ynh_secure_remove () {
 # (Deprecated, use --output-as json and jq instead)
 ynh_get_plain_key() {
    local prefix="#"
-    local founded=0
+    local found=0
    # We call this key_ so that it's not caught as
    # an info to be redacted by the core
    local key_=$1
    shift
-    while read line
+    while read line; do
-    do
+        if [[ "$found" == "1" ]]; then
        if [[ "$founded" == "1" ]]
        then
            [[ "$line" =~ ^${prefix}[^#] ]] && return
            echo $line
-        elif [[ "$line" =~ ^${prefix}${key_}$ ]]
+        elif [[ "$line" =~ ^${prefix}${key_}$ ]]; then
-        then
+            if [[ -n "${1:-}" ]]; then
            if [[ -n "${1:-}" ]]
            then
                prefix+="#"
                key_=$1
                shift
            else
-                founded=1
+                found=1
            fi
        fi
    done
@ -848,8 +828,7 @@ ynh_app_upstream_version () {
    ynh_handle_getopts_args "$@"
    manifest="${manifest:-}"
-    if [[ "$manifest" != "" ]] && [[ -e "$manifest" ]];
+    if [[ "$manifest" != "" ]] && [[ -e "$manifest" ]]; then
    then
        version_key_=$(ynh_read_manifest --manifest="$manifest" --manifest_key="version")
    else
        version_key_=$YNH_APP_MANIFEST_VERSION
@ -897,8 +876,7 @@ ynh_app_package_version () {
 ynh_check_app_version_changed() {
    local return_value=${YNH_APP_UPGRADE_TYPE}
-    if [ "$return_value" == "UPGRADE_FULL" ] || [ "$return_value" == "UPGRADE_FORCED" ] || [ "$return_value" == "DOWNGRADE_FORCED" ]
+    if [ "$return_value" == "UPGRADE_FULL" ] || [ "$return_value" == "UPGRADE_FORCED" ] || [ "$return_value" == "DOWNGRADE_FORCED" ]; then
    then
        return_value="UPGRADE_APP"
    fi
@ -936,8 +914,7 @@ ynh_compare_current_package_version() {
    local current_version=$YNH_APP_CURRENT_VERSION
    # Check the syntax of the versions
-    if [[ ! $version =~ '~ynh' ]] || [[ ! $current_version =~ '~ynh' ]]
+    if [[ ! $version =~ '~ynh' ]] || [[ ! $current_version =~ '~ynh' ]]; then
    then
        ynh_die --message="Invalid argument for version."
    fi
@ -972,13 +949,11 @@ _ynh_apply_default_permissions() {
    local ynh_requirement=$(jq -r '.requirements.yunohost' $YNH_APP_BASEDIR/manifest.json | tr -d '>= ')
-    if [ -z "$ynh_requirement" ] || [ "$ynh_requirement" == "null" ] || dpkg --compare-versions $ynh_requirement ge 4.2
+    if [ -z "$ynh_requirement" ] || [ "$ynh_requirement" == "null" ] || dpkg --compare-versions $ynh_requirement ge 4.2; then
    then
        chmod o-rwx $target
        chmod g-w $target
        chown -R root:root $target
-        if ynh_system_user_exists $app
+        if ynh_system_user_exists $app; then
        then
            chown $app:$app $target
        fi
    fi
--- a/data/hooks/backup/50-conf_manually_modified_files
+++ b/data/hooks/backup/50-conf_manually_modified_files
@ -10,8 +10,7 @@ yunohost tools shell -c "from yunohost.regenconf import manually_modified_files;
 ynh_backup --src_path="./manually_modified_files_list"
-for file in $(cat ./manually_modified_files_list)
+for file in $(cat ./manually_modified_files_list); do
 do
    [[ -e $file ]] && ynh_backup --src_path="$file"
 done
--- a/data/hooks/conf_regen/01-yunohost
+++ b/data/hooks/conf_regen/01-yunohost
@ -102,8 +102,7 @@ EOF
    # If we subscribed to a dyndns domain, add the corresponding cron
    # - delay between 0 and 60 secs to spread the check over a 1 min window
    # - do not run the command if some process already has the lock, to avoid queuing hundreds of commands...
-  if ls -l /etc/yunohost/dyndns/K*.private 2>/dev/null
+    if ls -l /etc/yunohost/dyndns/K*.private 2>/dev/null; then
  then
        cat >$pending_dir/etc/cron.d/yunohost-dyndns <<EOF
 SHELL=/bin/bash
 */10 * * * * root : YunoHost DynDNS update; sleep \$((RANDOM\\%60)); test -e /var/run/moulinette_yunohost.lock || yunohost dyndns update >> /dev/null
@ -144,8 +143,7 @@ EOF
    cp yunoprompt.service ${pending_dir}/etc/systemd/system/yunoprompt.service
-  if [[ "$(yunohost settings get 'security.experimental.enabled')" == "True" ]]
+    if [[ "$(yunohost settings get 'security.experimental.enabled')" == "True" ]]; then
  then
        cp proc-hidepid.service ${pending_dir}/etc/systemd/system/proc-hidepid.service
    else
        touch ${pending_dir}/etc/systemd/system/proc-hidepid.service
@ -192,8 +190,7 @@ do_post_regen() {
    setfacl -m g:all_users:--- /etc/yunohost
    setfacl -m g:all_users:--- /etc/ssowat
-  for USER in $(yunohost user list --quiet --output-as json | jq -r '.users | .[] | .username')
+    for USER in $(yunohost user list --quiet --output-as json | jq -r '.users | .[] | .username'); do
  do
        [ ! -e "/home/$USER" ] || setfacl -m g:all_users:--- /home/$USER
    done
@ -214,17 +211,18 @@ do_post_regen() {
    grep -q '^sftp.app:' /etc/group || groupadd sftp.app
    # Propagates changes in systemd service config overrides
-  [[ ! "$regen_conf_files" =~ "ntp.service.d/ynh-override.conf" ]] || { systemctl daemon-reload; systemctl restart ntp; }
+    [[ ! "$regen_conf_files" =~ "ntp.service.d/ynh-override.conf" ]] || {
        systemctl daemon-reload
        systemctl restart ntp
    }
    [[ ! "$regen_conf_files" =~ "nftables.service.d/ynh-override.conf" ]] || systemctl daemon-reload
    [[ ! "$regen_conf_files" =~ "login.conf.d/ynh-override.conf" ]] || systemctl daemon-reload
-  if [[ "$regen_conf_files" =~ "yunoprompt.service" ]]
+    if [[ "$regen_conf_files" =~ "yunoprompt.service" ]]; then
  then
        systemctl daemon-reload
        action=$([[ -e /etc/systemd/system/yunoprompt.service ]] && echo 'enable' || echo 'disable')
        systemctl $action yunoprompt --quiet --now
    fi
-  if [[ "$regen_conf_files" =~ "proc-hidepid.service" ]]
+    if [[ "$regen_conf_files" =~ "proc-hidepid.service" ]]; then
  then
        systemctl daemon-reload
        action=$([[ -e /etc/systemd/system/proc-hidepid.service ]] && echo 'enable' || echo 'disable')
        systemctl $action proc-hidepid --quiet --now
--- a/data/hooks/conf_regen/02-ssl
+++ b/data/hooks/conf_regen/02-ssl
@ -110,8 +110,7 @@ do_post_regen() {
    current_local_ca_domain=$(openssl x509 -in $ynh_ca -text | tr ',' '\n' | grep Issuer | awk '{print $4}')
    main_domain=$(cat /etc/yunohost/current_host)
-  if [[ "$current_local_ca_domain" != "$main_domain" ]]
+    if [[ "$current_local_ca_domain" != "$main_domain" ]]; then
  then
        regen_local_ca $main_domain
        # Idk how useful this is, but this was in the previous python code (domain.main_domain())
        ln -sf /etc/yunohost/certs/$domain/crt.pem /etc/ssl/certs/yunohost_crt.pem
--- a/data/hooks/conf_regen/06-slapd
+++ b/data/hooks/conf_regen/06-slapd
@ -62,8 +62,7 @@ EOF
    # We don't use mkhomedir_helper because 'admin' may not be recognized
    # when this script is ran in a chroot (e.g. ISO install)
    # We also refer to admin as uid 1007 for the same reason
-  if [ ! -d /home/admin ]
+    if [ ! -d /home/admin ]; then
  then
        cp -r /etc/skel /home/admin
        chown -R 1007:1007 /home/admin
    fi
@ -97,8 +96,8 @@ do_pre_regen() {
    # Define if we need to migrate from hdb to mdb
    curr_backend=$(grep '^database' /etc/ldap/slapd.conf 2>/dev/null | awk '{print $2}')
-  if [ -e /etc/ldap/slapd.conf ] && [ -n "$curr_backend" ] && \
+    if [ -e /etc/ldap/slapd.conf ] && [ -n "$curr_backend" ] \
-     [ $curr_backend != 'mdb' ]; then
+        && [ $curr_backend != 'mdb' ]; then
        backup_dir="/var/backups/dc=yunohost,dc=org-${curr_backend}-$(date +%s)"
        mkdir -p "$backup_dir"
        slapcat -b dc=yunohost,dc=org -l "${backup_dir}/dc=yunohost-dc=org.ldif"
@ -138,16 +137,14 @@ do_post_regen() {
    chown -R openldap:openldap /etc/ldap/slapd.d/
    # If we changed the systemd ynh-override conf
-  if echo "$regen_conf_files" | sed 's/,/\n/g' | grep -q "^/etc/systemd/system/slapd.service.d/ynh-override.conf$"
+    if echo "$regen_conf_files" | sed 's/,/\n/g' | grep -q "^/etc/systemd/system/slapd.service.d/ynh-override.conf$"; then
  then
        systemctl daemon-reload
        systemctl restart slapd
        sleep 3
    fi
    # For some reason, old setups don't have the admins group defined...
-  if ! slapcat | grep -q 'cn=admins,ou=groups,dc=yunohost,dc=org'
+    if ! slapcat | grep -q 'cn=admins,ou=groups,dc=yunohost,dc=org'; then
  then
        slapadd -F /etc/ldap/slapd.d -b dc=yunohost,dc=org <<< \
            "dn: cn=admins,ou=groups,dc=yunohost,dc=org
 cn: admins
@ -192,8 +189,7 @@ objectClass: top"
    # wait a maximum time of 5 minutes
    # yes, force-reload behave like a restart
    number_of_wait=0
-  while ! su admin -c '' && ((number_of_wait < 60))
+    while ! su admin -c '' && ((number_of_wait < 60)); do
  do
        sleep 5
        ((number_of_wait += 1))
    done
--- a/data/hooks/conf_regen/10-apt
+++ b/data/hooks/conf_regen/10-apt
@ -8,8 +8,7 @@ do_pre_regen() {
    mkdir --parents "${pending_dir}/etc/apt/preferences.d"
    packages_to_refuse_from_sury="php php-fpm php-mysql php-xml php-zip php-mbstring php-ldap php-gd php-curl php-bz2 php-json php-sqlite3 php-intl openssl libssl1.1 libssl-dev"
-    for package in $packages_to_refuse_from_sury
+    for package in $packages_to_refuse_from_sury; do
    do
        echo "
 Package: $package
 Pin: origin \"packages.sury.org\" 
--- a/data/hooks/conf_regen/15-nginx
+++ b/data/hooks/conf_regen/15-nginx
@ -32,8 +32,14 @@ do_init_regen() {
    cp "redirect_to_admin.conf" $nginx_conf_dir/default.d/
    # Restart nginx if conf looks good, otherwise display error and exit unhappy
-  nginx -t 2>/dev/null || { nginx -t; exit 1; }
+    nginx -t 2>/dev/null || {
-  systemctl restart nginx || { journalctl --no-pager --lines=10 -u nginx >&2; exit 1; }
+        nginx -t
        exit 1
    }
    systemctl restart nginx || {
        journalctl --no-pager --lines=10 -u nginx >&2
        exit 1
    }
    exit 0
 }
@ -51,8 +57,7 @@ do_pre_regen() {
    cp plain/* "$nginx_conf_dir"
    # remove the panel overlay if this is specified in settings
    panel_overlay=$(yunohost settings get 'ssowat.panel_overlay.enabled')
-  if [ "$panel_overlay" == "false" ] || [ "$panel_overlay" == "False" ]
+    if [ "$panel_overlay" == "false" ] || [ "$panel_overlay" == "False" ]; then
  then
        echo "#" >"${nginx_conf_dir}/yunohost_panel.conf.inc"
    fi
@ -88,8 +93,7 @@ do_pre_regen() {
    done
    export webadmin_allowlist_enabled=$(yunohost settings get security.webadmin.allowlist.enabled)
-  if [ "$webadmin_allowlist_enabled" == "True" ]
+    if [ "$webadmin_allowlist_enabled" == "True" ]; then
  then
        export webadmin_allowlist=$(yunohost settings get security.webadmin.allowlist)
    fi
    ynh_render_template "yunohost_admin.conf.inc" "${nginx_conf_dir}/yunohost_admin.conf.inc"
@ -133,11 +137,9 @@ do_post_regen() {
    # Get rid of legacy lets encrypt snippets
    for domain in $YNH_DOMAINS; do
        # If the legacy letsencrypt / acme-challenge domain-specific snippet is still there
-      if [ -e /etc/nginx/conf.d/${domain}.d/000-acmechallenge.conf ]
+        if [ -e /etc/nginx/conf.d/${domain}.d/000-acmechallenge.conf ]; then
      then
            # And if we're effectively including the new domain-independant snippet now
-          if grep -q "include /etc/nginx/conf.d/acme-challenge.conf.inc;" /etc/nginx/conf.d/${domain}.conf
+            if grep -q "include /etc/nginx/conf.d/acme-challenge.conf.inc;" /etc/nginx/conf.d/${domain}.conf; then
          then
                # Delete the old domain-specific snippet
                rm /etc/nginx/conf.d/${domain}.d/000-acmechallenge.conf
            fi
@ -145,8 +147,14 @@ do_post_regen() {
    done
    # Reload nginx if conf looks good, otherwise display error and exit unhappy
-  nginx -t 2>/dev/null || { nginx -t; exit 1; }
+    nginx -t 2>/dev/null || {
-  pgrep nginx && systemctl reload nginx || { journalctl --no-pager --lines=10 -u nginx >&2; exit 1; }
+        nginx -t
        exit 1
    }
    pgrep nginx && systemctl reload nginx || {
        journalctl --no-pager --lines=10 -u nginx >&2
        exit 1
    }
 }
 do_$1_regen ${@:2}
--- a/data/hooks/conf_regen/19-postfix
+++ b/data/hooks/conf_regen/19-postfix
@ -29,8 +29,7 @@ do_pre_regen() {
    export relay_port=""
    export relay_user=""
    export relay_host="$(yunohost settings get 'smtp.relay.host')"
-  if [ -n "${relay_host}" ]
+    if [ -n "${relay_host}" ]; then
  then
        relay_port="$(yunohost settings get 'smtp.relay.port')"
        relay_user="$(yunohost settings get 'smtp.relay.user')"
        relay_password="$(yunohost settings get 'smtp.relay.password')"
@ -69,8 +68,7 @@ do_pre_regen() {
 do_post_regen() {
    regen_conf_files=$1
-  if [ -e /etc/postfix/sasl_passwd ]
+    if [ -e /etc/postfix/sasl_passwd ]; then
  then
        chmod 750 /etc/postfix/sasl_passwd*
        chown postfix:root /etc/postfix/sasl_passwd*
    fi
--- a/data/hooks/conf_regen/34-mysql
+++ b/data/hooks/conf_regen/34-mysql
@ -14,8 +14,7 @@ do_pre_regen() {
 do_post_regen() {
    regen_conf_files=$1
-  if [[ ! -d /var/lib/mysql/mysql ]]
+    if [[ ! -d /var/lib/mysql/mysql ]]; then
  then
        # dpkg-reconfigure will initialize mysql (if it ain't already)
        # It enabled auth_socket for root, so no need to define any root password...
        # c.f. : cat /var/lib/dpkg/info/mariadb-server-10.3.postinst | grep install_db -C3
@ -37,16 +36,14 @@ do_post_regen() {
        # This is a trick to check if we're able to use mysql without password
        # Expect instances installed in stretch to already have unix_socket
        #configured, but not old instances from the jessie/wheezy era
-      if ! echo "" | mysql 2>/dev/null
+        if ! echo "" | mysql 2>/dev/null; then
      then
            password="$(cat /etc/yunohost/mysql)"
            # Enable plugin unix_socket for root on localhost
            mysql -u root -p"$password" <<<"GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED WITH unix_socket WITH GRANT OPTION;"
        fi
        # If now we're able to login without password, drop the mysql password
-      if echo "" | mysql 2>/dev/null
+        if echo "" | mysql 2>/dev/null; then
      then
            rm /etc/yunohost/mysql
        else
            echo "Can't connect to mysql using unix_socket auth ... something went wrong while trying to get rid of mysql password !?" >&2
@ -56,8 +53,7 @@ do_post_regen() {
    # mysql is supposed to be an alias to mariadb... but in some weird case is not
    # c.f. https://forum.yunohost.org/t/mysql-ne-fonctionne-pas/11661
    # Playing with enable/disable allows to recreate the proper symlinks.
-  if [ ! -e /etc/systemd/system/mysql.service ]
+    if [ ! -e /etc/systemd/system/mysql.service ]; then
  then
        systemctl stop mysql -q
        systemctl disable mysql -q
        systemctl disable mariadb -q
--- a/data/hooks/conf_regen/37-mdns
+++ b/data/hooks/conf_regen/37-mdns
@ -5,8 +5,7 @@ set -e
 _generate_config() {
    echo "domains:"
    echo "    - yunohost.local"
-  for domain in $YNH_DOMAINS
+    for domain in $YNH_DOMAINS; do
  do
        # Only keep .local domains (don't keep
        [[ "$domain" =~ [^.]+\.[^.]+\.local$ ]] && echo "Subdomain $domain cannot be handled by Bonjour/Zeroconf/mDNS" >&2
        [[ "$domain" =~ ^[^.]+\.local$ ]] || continue
@ -39,14 +38,12 @@ do_post_regen() {
    chown mdns:mdns /etc/yunohost/mdns.yml
    # If we changed the systemd ynh-override conf
-  if echo "$regen_conf_files" | sed 's/,/\n/g' | grep -q "^/etc/systemd/system/yunomdns.service$"
+    if echo "$regen_conf_files" | sed 's/,/\n/g' | grep -q "^/etc/systemd/system/yunomdns.service$"; then
  then
        systemctl daemon-reload
    fi
    # Legacy stuff to enable the new yunomdns service on legacy systems
-  if [[ -e /etc/avahi/avahi-daemon.conf ]] && grep -q 'yunohost' /etc/avahi/avahi-daemon.conf
+    if [[ -e /etc/avahi/avahi-daemon.conf ]] && grep -q 'yunohost' /etc/avahi/avahi-daemon.conf; then
  then
        systemctl enable yunomdns
    fi
--- a/data/hooks/conf_regen/43-dnsmasq
+++ b/data/hooks/conf_regen/43-dnsmasq
@ -53,10 +53,8 @@ do_post_regen() {
    # Fuck it, those domain/search entries from dhclient are usually annoying
    # lying shit from the ISP trying to MiTM
-  if grep -q -E "^ *(domain|search)" /run/resolvconf/resolv.conf
+    if grep -q -E "^ *(domain|search)" /run/resolvconf/resolv.conf; then
-  then
+        if grep -q -E "^ *(domain|search)" /run/resolvconf/interface/*.dhclient 2>/dev/null; then
      if grep -q -E "^ *(domain|search)" /run/resolvconf/interface/*.dhclient 2>/dev/null
      then
            sed -E "s/^(domain|search)/#\1/g" -i /run/resolvconf/interface/*.dhclient
        fi
@ -74,8 +72,7 @@ do_post_regen() {
    [[ -n "$regen_conf_files" ]] || return
    # Remove / disable services likely to conflict with dnsmasq
-  for SERVICE in systemd-resolved bind9
+    for SERVICE in systemd-resolved bind9; do
  do
        systemctl is-enabled $SERVICE &>/dev/null && systemctl disable $SERVICE 2>/dev/null
        systemctl is-active $SERVICE &>/dev/null && systemctl stop $SERVICE
    done
--- a/data/hooks/restore/05-conf_ldap
+++ b/data/hooks/restore/05-conf_ldap
@ -14,11 +14,11 @@ die() {
    # Restore saved configuration and database
    [[ $state -ge 1 ]] \
-      && (rm -rf /etc/ldap/slapd.d &&
+        && (rm -rf /etc/ldap/slapd.d \
-          mv "${TMPDIR}/slapd.d" /etc/ldap/slapd.d)
+            && mv "${TMPDIR}/slapd.d" /etc/ldap/slapd.d)
    [[ $state -ge 2 ]] \
-      && (rm -rf /var/lib/ldap &&
+        && (rm -rf /var/lib/ldap \
-          mv "${TMPDIR}/ldap" /var/lib/ldap)
+            && mv "${TMPDIR}/ldap" /var/lib/ldap)
    chown -R openldap: /etc/ldap/slapd.d /var/lib/ldap
    systemctl start slapd
--- a/data/hooks/restore/50-conf_manually_modified_files
+++ b/data/hooks/restore/50-conf_manually_modified_files
@ -5,8 +5,7 @@ ynh_abort_if_errors
 YNH_CWD="${YNH_BACKUP_DIR%/}/conf/manually_modified_files"
 cd "$YNH_CWD"
-for file in $(cat ./manually_modified_files_list)
+for file in $(cat ./manually_modified_files_list); do
 do
    ynh_restore_file --origin_path="$file" --not_mandatory
 done
--- a/data/templates/dovecot/dovecot.conf
+++ b/data/templates/dovecot/dovecot.conf
@ -78,6 +78,20 @@ service quota-warning {
  }
 }
 service stats {
    unix_listener stats-reader {
        user = vmail
        group = mail
        mode = 0660
    }
    unix_listener stats-writer {
        user = vmail
        group = mail
        mode = 0660
    }
 }
 plugin {
  sieve = /var/mail/sievescript/%n/.dovecot.sieve
  sieve_dir = /var/mail/sievescript/%n/scripts/
--- a/debian/postinst
+++ b/debian/postinst
@ -11,8 +11,7 @@ do_configure() {
    if [ ! -f /etc/yunohost/installed ]; then
        # If apps/ is not empty, we're probably already installed in the past and
        # something funky happened ...
-      if [ -d /etc/yunohost/apps/ ] && ls /etc/yunohost/apps/* >/dev/null 2>&1
+        if [ -d /etc/yunohost/apps/ ] && ls /etc/yunohost/apps/* >/dev/null 2>&1; then
      then
            echo "Sounds like /etc/yunohost/installed mysteriously disappeared ... You should probably contact the Yunohost support ..."
        else
            bash /usr/share/yunohost/hooks/conf_regen/01-yunohost init
@ -51,8 +50,8 @@ case "$1" in
    configure)
        do_configure
        ;;
-    abort-upgrade|abort-remove|abort-deconfigure)
+    abort-upgrade | abort-remove | abort-deconfigure) ;;
-    ;;
+
    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
--- a/tests/test_helpers.d/ynhtest_secure_remove.sh
+++ b/tests/test_helpers.d/ynhtest_secure_remove.sh
@ -0,0 +1,71 @@
 ynhtest_acceptable_path_to_delete() {
    mkdir -p /home/someuser
    mkdir -p /home/$app
    mkdir -p /home/yunohost.app/$app
    mkdir -p /var/www/$app
    touch /var/www/$app/bar
    touch /etc/cron.d/$app
    ! _acceptable_path_to_delete /
    ! _acceptable_path_to_delete ////
    ! _acceptable_path_to_delete "    ////   "
    ! _acceptable_path_to_delete /var
    ! _acceptable_path_to_delete /var/www
    ! _acceptable_path_to_delete /var/cache
    ! _acceptable_path_to_delete /usr
    ! _acceptable_path_to_delete /usr/bin
    ! _acceptable_path_to_delete /home
    ! _acceptable_path_to_delete /home/yunohost.backup
    ! _acceptable_path_to_delete /home/yunohost.app
    ! _acceptable_path_to_delete /home/yunohost.app/
    ! _acceptable_path_to_delete ///home///yunohost.app///
    ! _acceptable_path_to_delete /home/yunohost.app/$app/..
    ! _acceptable_path_to_delete ///home///yunohost.app///$app///..//
    ! _acceptable_path_to_delete /home/yunohost.app/../$app/..
    ! _acceptable_path_to_delete /home/someuser
    ! _acceptable_path_to_delete /home/yunohost.app//../../$app
    ! _acceptable_path_to_delete "  /home/yunohost.app///  "
    ! _acceptable_path_to_delete /etc/cron.d/
    ! _acceptable_path_to_delete /etc/yunohost/
    _acceptable_path_to_delete /home/yunohost.app/$app
    _acceptable_path_to_delete /home/yunohost.app/$app/bar
    _acceptable_path_to_delete /etc/cron.d/$app
    _acceptable_path_to_delete /var/www/$app/bar
    _acceptable_path_to_delete /var/www/$app
    rm /var/www/$app/bar
    rm /etc/cron.d/$app
    rmdir /home/yunohost.app/$app
    rmdir /home/$app
    rmdir /home/someuser
    rmdir /var/www/$app
 }
 ynhtest_secure_remove() {
    mkdir -p /home/someuser
    mkdir -p /home/yunohost.app/$app
    mkdir -p /var/www/$app
    mkdir -p /var/whatever
    touch /var/www/$app/bar
    touch /etc/cron.d/$app
    ! ynh_secure_remove --file="/home/someuser"
    ! ynh_secure_remove --file="/home/yunohost.app/"
    ! ynh_secure_remove --file="/var/whatever"
    ynh_secure_remove --file="/home/yunohost.app/$app"
    ynh_secure_remove --file="/var/www/$app"
    ynh_secure_remove --file="/etc/cron.d/$app"
    test -e /home/someuser
    test -e /home/yunohost.app
    test -e /var/whatever
    ! test -e /home/yunohost.app/$app
    ! test -e /var/www/$app
    ! test -e /etc/cron.d/$app
    rmdir /home/someuser
    rmdir /var/whatever
 }