style: limit line length per file extension

Editorconfig can only act based on file extension and path, not attributes, it remains a mean only for multiple collaborators to use the same configuration on their editor. When it is too restrictive, such as not considering the file syntax, use a lint tool for the specific file type instead of trusting editorconfig. Changes were made to increase readability.
2024-10-01 02:35:49 -04:00 · 2024-07-09 17:42:07 +02:00 · 2024-07-09 17:42:07 +02:00 · 011a71a36d
commit 011a71a36d
parent 2d0bf9784d
37 changed files with 330 additions and 123 deletions
--- a/.editorconfig
+++ b/.editorconfig
@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 #
 # SPDX-License-Identifier: GPL-3.0-or-later
@ -16,8 +16,24 @@ end_of_line = lf
 indent_style = tab
 indent_size = 8
-[*.{md,sh,yaml,yml,toml,json}]
+[*.{md,toml,json}]
 indent_size = 2
-[*.{py}]
+[*.{yaml,yml}]
 indent_size = 2
 max_line_length = 120
 [*.{sls,top,jinja}]
 max_line_length = 160
 [*.py]
 indent_size = 4
 max_line_length = 79
 [{*.{sh,bash,ksh,zsh,lessfilter,xinitrc,Xinitrc,xsession,Xsession,xsessionrc,Xsessionrc,xprofile,Xprofile},**/.config/{sh,bash,ksh,zsh}/**,**/git/shell/**,**/qubes-bind-dirs.d/**,**/lib-qubes-bind-dirs.d/**,**/rc.local.d/**,**/dom0/files/autostartart-scripts/**,**/git/template/hooks/**,**/git/files/client/git-core/**}]
 indent_size = 2
 ## Impossible to be sure via file extension if it is a shell file.
 # /bin/.*
 # /rpc/.*
 # /network-hooks\.d/.*
 # /qubes-firewall\.d/.*
--- a/.github/workflows/reject-pr.yaml
+++ b/.github/workflows/reject-pr.yaml
@ -52,5 +52,9 @@ jobs:
        uses: peter-evans/close-pull@v3
        with:
          # yamllint disable-line rule:line-length
-          comment: 'Automatically closing this PR due to submitter not reading the contribution guidelines and using GitHub WebUI to commit. Please fix the issues and open a new PR after you have read the contribution guidelines.'
+          comment: >
            Automatically closing this PR due to submitter not reading the
            contribution guidelines and using GitHub WebUI to commit. Please
            fix the issues and open a new PR after you have read the
            contribution guidelines.
          delete-branch: false
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -28,9 +28,15 @@ repos:
        language: script
        pass_filenames: true
        # yamllint disable rule:line-length
-        files: (\.sh|/rc\.local\.d/.*\.rc|/bin/.*|/rpc/.*|/network-hooks\.d/.*|/qubes-firewall\.d/.*|/(lib-)?qubes-bind-dirs\.d/.*|/\.config/(sh|bash|zsh|less|x11|git/shell|git/template/hooks)/.*|/autostart-scripts/.*|/qvm-copy-dotfiles|/git-core/.*)
+        files: >-
          (\.sh|/rc\.local\.d/.*\.rc|/bin/.*|/rpc/.*|/network-hooks\.d/.*|
          /qubes-firewall\.d/.*|/(lib-)?qubes-bind-dirs\.d/.*|
          /\.config/(sh|bash|zsh|less|x11|git/shell|git/template/hooks)/.*|
          /autostart-scripts/.*|/qvm-copy-dotfiles|/git-core/.*)
        # yamllint disable rule:line-length
-        exclude: \.(policy|asc|txt|top|sls|jinja|toml|vim|py|muttrc|nft|md|spec|list|sources|repo|socket|timer|service|y(a)?ml)$
+        exclude: >-
          \.(policy|asc|txt|top|sls|jinja|toml|vim|py|muttrc|nft|md|spec|
          list|sources|repo|socket|timer|service|y(a)?ml)$
        description: Lint Shellscripts
      - id: markdown-lint
@ -81,7 +87,9 @@ repos:
        args: [test]
        pass_filenames: true
        # yamllint disable rule:line-length
-        files: ^(rpm_spec/template/template.spec|salt/.*|scripts/spec-(get|gen)\.sh)$
+        files: >-
          ^(rpm_spec/template/template.spec|salt/.*|
          scripts/spec-(get|gen)\.sh)$
        description: Check if RPM SPEC files are up to date
      - id: license-lint
--- a/salt/browser/create.sls
+++ b/salt/browser/create.sls
@ -20,8 +20,10 @@ prefs:
 - maxmem: 2000
 features:
 - set:
  # editorconfig-checker-disable
  - default-menu-items: "qusal-mullvad-browser.desktop org.mozilla.firefox.desktop firefox.desktop firefox-esr.desktop chromium.desktop google-chrome.desktop qubes-run-terminal.desktop qubes-open-file-manager.desktop qubes-start.desktop" # noqa: 204
  - menu-items: "qusal-mullvad-browser.desktop org.mozilla.firefox.desktop firefox.desktop firefox-esr.desktop chromium.desktop google-chrome.desktop qubes-run-terminal.desktop qubes-open-file-manager.desktop qubes-start.desktop" # noqa: 204
  # editorconfig-checker-enable
 - disable:
  - service.tracker
  - service.evolution-data-server
@ -52,6 +54,8 @@ features:
  - service.tracker
  - service.evolution-data-server
 - set:
  # editorconfig-checker-disable
  - menu-items: "qusal-mullvad-browser.desktop org.mozilla.firefox.desktop firefox.desktop firefox-esr.desktop chromium.desktop google-chrome.desktop qubes-run-terminal.desktop qubes-open-file-manager.desktop qubes-start.desktop" # noqa: 204
  # editorconfig-checker-enable
 {%- endload %}
 {{ load(defaults) }}
--- a/salt/dom0/files/bin/qubes-kde-win-rules
+++ b/salt/dom0/files/bin/qubes-kde-win-rules
@ -1,6 +1,6 @@
 #!/bin/sh
-# SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
@ -25,9 +25,11 @@ writeconf(){
  key="$2"
  value="$3"
-  group_id="$(grep -B1 -- "^Description=$group$" "$file" | head -1 | tr -d "[" | tr -d "]")"
+  group_id="$(grep -B1 -- "^Description=$group$" "$file" | head -1 |
    tr -d "[" | tr -d "]")"
  if test -z "${group_id}"; then
-    highest_id="$(grep -- "\[[0-9]\+\]" "$file" | tr -d "[" | tr -d "]" | sort | tail -1)"
+    highest_id="$(grep -- "\[[0-9]\+\]" "$file" | tr -d "[" | tr -d "]" |
      sort | tail -1)"
    if test -n "${highest_id}"; then
      group_id="$((highest_id+1))"
    else
@ -54,7 +56,8 @@ writeconf_group(){
  fi
  ## Regex: https://doc.qt.io/qt-6/qregularexpression.html
-  writeconf "$chosen_group" title "^\\[(disp-|dvm-)?$chosen_group(-\\S+)?\\] .*"
+  writeconf "$chosen_group" title \
    "^\\[(disp-|dvm-)?$chosen_group(-\\S+)?\\] .*"
  writeconf "$chosen_group" titlematch 3
  writeconf "$chosen_group" wmclass "$chosen_group"
  writeconf "$chosen_group" wmclasscomplete false
--- a/salt/dom0/files/bin/qvm-backup-find-last
+++ b/salt/dom0/files/bin/qvm-backup-find-last
@ -9,7 +9,8 @@ set -eu
 list_backups(){
  ## Hide stderr to hide remote login connection messages (banners etc).
  # shellcheck disable=SC2086
-  ${qrun_cmd} "${qube}" -- "${cmd} ${find_cmd} 2>/dev/null"
+  qvm-run --filter-escape-chars --no-color-output --no-color-stderr \
    --pass-io "${qube}" -- "${cmd} ${find_cmd} 2>/dev/null"
 }
 list_last_backup(){
@ -35,7 +36,6 @@ cmd="${3-}"
 find_pattern="qubes-backup-*"
 find_cmd="find \"${path}\" -maxdepth 1 -type f -name \"${find_pattern}\""
 qrun_cmd="qvm-run --filter-escape-chars --no-color-output --no-color-stderr --pass-io"
 last_backup="$(list_last_backup)"
 if test -z "${last_backup}"; then
--- a/salt/dom0/files/bin/qvm-pci-regain
+++ b/salt/dom0/files/bin/qvm-pci-regain
@ -20,7 +20,8 @@ set -eu
 usage(){
  echo "Usage: ${0##*/} --i-like-danger <DEVICE>"
  echo "Example: ${0##*/} --i-like-danger 0000:00:1b.0"
-  echo "Warning: It is strongly discouraged to reattach PCI devices to dom0, especially if they don't support resetting!"
+  echo "Warning: Strongly discouraged to reattach PCI devices to dom0"
  echo "Warning:  especially if it doesn't support resetting!"
  exit 1
 }
--- a/salt/dom0/files/bin/qvm-port-forward
+++ b/salt/dom0/files/bin/qvm-port-forward
@ -72,7 +72,10 @@ get_rule_handle(){
  qube="${1}"
  chain="${2}"
  rule="${3}"
-  run_qube "${qube}" "nft --handle --stateless list chain ip qubes ${chain} | tr -d '\"' | grep '^\s\+${rule} # handle ' | awk '{print \$NF}' | tr '\n' ' '" 2>/dev/null
+  run_qube "${qube}" -- \
    "nft --handle --stateless list chain ip qubes ${chain} |
    tr -d '\"' | grep '^\s\+${rule} # handle ' | awk '{print \$NF}' |
    tr '\n' ' '" 2>/dev/null
 }
 delete_rule_handle(){
@ -124,10 +127,15 @@ forward() {
  fi
  dnat_chain="custom-pf-${to_ip_escaped}"
-  dnat_rule="iifname ${dev} ip saddr ${lan_ip} ${proto} dport ${port} ct state established,related,new counter dnat to ${to_ip}"
+  dnat_rule="iifname ${dev} ip saddr ${lan_ip} ${proto} dport ${port} ct"
  dnat_rule="${dnat_rule} state established,related,new counter dnat to"
  dnat_rule="${dnat_rule} ${to_ip}"
  forward_chain="custom-forward"
-  forward_rule="iifname ${dev} ip saddr ${lan_ip} ip daddr ${to_ip} ${proto} dport ${port} ct state established,related,new counter accept"
+  forward_rule="iifname ${dev} ip saddr ${lan_ip} ip daddr ${to_ip} ${proto}"
-  full_rule="nft 'add chain ip qubes ${dnat_chain} { type nat hook prerouting priority filter +1; policy accept; }
+  forward_rule="${forward_rule} dport ${port} ct state"
  forward_rule="${forward_rule} established,related,new counter accept"
  dnat_policy="type nat hook prerouting priority filter +1; policy accept;"
  full_rule="nft 'add chain ip qubes ${dnat_chain} { ${dnat_policy}
 add rule ip qubes ${dnat_chain} ${dnat_rule}
 add rule ip qubes ${forward_chain} ${forward_rule}'"
@ -137,7 +145,8 @@ add rule ip qubes ${forward_chain} ${forward_rule}'"
    echo "info: ${from_qube}: deleting rules" >&2
    run_qube "${from_qube}" "rm -f ${hook}"
  else
-    echo "info: ${from_qube}: adding forward rule dev ${dev} saddr ${lan_ip} daddr ${to_ip}" >&2
+    msg="adding forward rule dev ${dev} saddr ${lan_ip} daddr ${to_ip}"
    echo "info: ${from_qube}: ${msg}" >&2
    run_qube "${from_qube}" "${full_rule}"
    if test "${persistent}" = "1"; then
@ -149,7 +158,9 @@ add rule ip qubes ${forward_chain} ${forward_rule}'"
 get_handle(){
  chain=\\\${1}
  rule=\\\${2}
-  nft --handle --stateless list chain ip qubes \\\${chain} | tr -d '\\\"' | grep '^\\\s\\\+\\\${rule} \\# handle ' | awk '{print \\\$NF}' | tr \\\"\\\n\\\" \\\" \\\"
+  nft --handle --stateless list chain ip qubes \\\${chain} | \\\
    tr -d '\\\"' | grep '^\\\s\\\+\\\${rule} \\# handle ' | \\\
    awk '{print \\\$NF}' | tr \\\"\\\n\\\" \\\" \\\"
 }
 forward_handle=\\\$(get_handle ${forward_chain} \\\"${forward_rule}\\\")
@ -169,7 +180,8 @@ fi
 ${full_rule}"
      create_net_dir "${from_qube}"
-      run_qube "${from_qube}" "echo \"${full_rule}\" | tee \"${hook}\" >/dev/null"
+      run_qube "${from_qube}" \
        "echo \"${full_rule}\" | tee \"${hook}\" >/dev/null"
      run_qube "${from_qube}" "chmod +x ${hook}"
    fi
  fi
@ -181,7 +193,8 @@ input() {
  hook="${hook_prefix}${to_ip}-${proto}-${port}.sh"
  create_net_dir "${qube}"
-  custom_input_rule="${proto} dport ${port} ip daddr ${to_ip} ct state new counter accept"
+  custom_input_rule="${proto} dport ${port} ip daddr ${to_ip} ct state new"
  custom_input_rule="${custom_input_rule} counter accept"
  input_rule="nft add rule ip qubes custom-input ${custom_input_rule}"
  delete_rule "${qube}" "custom-input" "${custom_input_rule}"
@ -196,7 +209,9 @@ input() {
 get_handle(){
  chain=\\\${1}
  rule=\\\${2}
-  nft --handle --stateless list chain ip qubes \\\${chain} | tr -d '\\\"' | grep '^\\\s\\\+\\\${rule} \\# handle ' | awk '{print \\\$NF}' | tr \\\"\\\n\\\" \\\" \\\"
+  nft --handle --stateless list chain ip qubes \\\${chain} | \\\
    tr -d '\\\"' | grep '^\\\s\\\+\\\${rule} \\# handle ' | \\\
    awk '{print \\\$NF}' | tr \\\"\\\n\\\" \\\" \\\"
 }
 input_handle=\\\$(get_handle custom-input \\\"${custom_input_rule}\\\")
@ -244,7 +259,7 @@ get_lan(){
 test_qvm_run(){
  qube="${1}"
  if ! run_qube "${qube}" echo "Test QUBESRPC" >/dev/null 2>&1; then
-    echo "error: ${qube}: service qubes.VMShell failed, use a different qube" >&2
+    echo "error: ${qube}: RPC qubes.VMShell failed, use a different qube" >&2
    exit 1
  fi
 }
@ -267,7 +282,9 @@ recurse_netvms() {
 }
 usage() {
-  echo "Usage: ${0##*/} --action ACTION --qube QUBE --port PORT --proto PROTO [--persistent]
+  echo "Usage: ${0##*/} OPTIONS
 Option syntax:
  --action ACTION --qube QUBE --port PORT --proto PROTO [--persistent]
 Options:
  -a, --action ACTION        add or delete a rule (add, del)
  -q, --qube QUBE            qube name which holds the service to be exposed
@ -280,7 +297,7 @@ Example:
  ${0##*/} --action del --qube work --port 22 --proto tcp
  ${0##*/} --action del --qube work --port 444 --proto udp
 Note: Defaults to temporary rules
-Warn: Use of '--persistent' with disposable netvm saves the rule in the disposable template" >&2
+Warn: Persistent rules of disposable netvm are saved to its template" >&2
  exit 1
 }
@ -322,7 +339,9 @@ hook_dir="/rw/config/network-hooks.d"
 hook_prefix="${hook_dir}/90-port-forward-"
 persistent=""
-if ! OPTS=$(getopt -o h,a:q:p:n:s --long help,action:,qube:,port:,proto:,persistent -n "${0}" -- "${@}"); then
+if ! OPTS=$(getopt -o h,a:q:p:n:s \
  --long help,action:,qube:,port:,proto:,persistent -n "${0}" -- "${@}")
 then
  echo "An error occurred while parsing options." >&2
  exit 1
 fi
--- a/salt/dom0/files/bin/qvm-screenshot
+++ b/salt/dom0/files/bin/qvm-screenshot
@ -69,7 +69,8 @@ mkdir -p "${guivm_pictures_dir}" || exit 1
 current_date="$(date +"%Y-%m-%d-%H%M%S")"
 screenshot_basename="${current_date}.png"
-screenshot_file="${guivm_pictures_dir}/${screenshot_basename}"
+screenshot_file="${guivm_pictures_dir%*/}/${screenshot_basename}"
 qube_screenshot_file="${qube_pictures_dir}/${screenshot_basename}"
 screenshot_type_text=""
 screenshot_action_text=""
 screenshot_action_supplied=""
@ -179,7 +180,8 @@ else
    screenshot_cmd="xfce4-screenshooter"
  fi
  if test -z "${screenshot_cmd}"; then
-    msg="screenshot programs not found: spectacle xfce4-screenshooter scrot maim"
+    msg="screenshot programs not found"
    msg="${msg}: spectacle xfce4-screenshooter scrot maim"
    echo "[ERROR] ${msg}"
    case "${dialog_cmd}" in
      zenity) zenity --info --text "${msg}";;
@ -217,7 +219,7 @@ case "${screenshot_type_text}" in
  *) echo "[ERROR] mode not selected"; exit 1;;
 esac
-if ! test -f "${guivm_pictures_dir}/${screenshot_basename}"; then
+if ! test -f "${screenshot_file}"; then
  msg="Screenshot was not saved in GuiVM"
  echo "[ERROR] ${msg}"
  case "${dialog_cmd}" in
@ -228,7 +230,7 @@ if ! test -f "${guivm_pictures_dir}/${screenshot_basename}"; then
 fi
 if test "${screenshot_action_supplied}" != "1"; then
-  dialog_title="Saved to ${screenshot_basename}. What do you want to do with the screenshot?"
+  dialog_title="Saved to ${screenshot_file}. What do you want to do with it?"
  case "${dialog_cmd}" in
    zenity)
      screenshot_action_text="$(zenity --list --width=280 --height=210 \
@ -314,10 +316,11 @@ if ! qvm-check -- "${qube}" >/dev/null 2>&1; then
 fi
 qvm-run "${qube}" -- "mkdir -p \"${qube_pictures_dir}\""
-qvm-run --pass-io "${qube}" -- "cat > \"${qube_pictures_dir}/${screenshot_basename}\"" < "${guivm_pictures_dir}/${screenshot_basename}"
+qvm-run --pass-io "${qube}" -- "cat > \"${qube_screenshot_file}\"" \
  < "${screenshot_file}"
 if test ${file_move} = "1"; then
-  rm -f "${guivm_pictures_dir}/${screenshot_basename}"
+  rm -f "${screenshot_file}"
 fi
 if test "${file_manager}" = "1"; then
--- a/salt/dom0/files/bin/qvm-terminal
+++ b/salt/dom0/files/bin/qvm-terminal
@ -35,13 +35,13 @@ case "${1-}" in
    ## Try to run on focused window, if Dom0 is focused, it will prompt you to
    ## select a qube window.
    id="$(xdotool getwindowfocus)"
-    qube="$(xprop -id "${id}" -notype _QUBES_VMNAME | awk -F '"' '{print $2}')"
+    qube="$(xprop -id "${id}" -notype _QUBES_VMNAME | awk -F'"' '{print $2}')"
    if test -n "${qube}"; then
      exec qvm-run --service -- "${qube}" "qubes.StartApp+${service}"
    fi
    echo "Select a qube window ..."
    id="$(xdotool selectwindow)"
-    qube="$(xprop -id "${id}" -notype _QUBES_VMNAME | awk -F '"' '{print $2}')"
+    qube="$(xprop -id "${id}" -notype _QUBES_VMNAME | awk -F'"' '{print $2}')"
    if test -n "${qube}"; then
      qvm-run --service -- "${qube}" "qubes.StartApp+${service}"
    fi
--- a/salt/dotfiles
+++ b/salt/dotfiles
@ -1 +1 @@
-Subproject commit a8129e053a38dc4c69b2010e5202c1632e67a69d
+Subproject commit 024e9c469de634181ec77eb52420f25339f4f01e
--- a/salt/fedora-minimal/files/admin/bin/salt-patch.sh
+++ b/salt/fedora-minimal/files/admin/bin/salt-patch.sh
@ -11,6 +11,7 @@
 set -eu
 qube="${1}"
 dnf_min_install="dnf -q install --refresh -y --setopt=install_weak_deps=False"
 qvm-run --user=root --pass-io --filter-escape-chars --no-color-output \
-  --no-color-stderr "${qube}" -- \
+  --no-color-stderr "${qube}" -- "${dnf_min_install} python3-urllib3"
  "dnf --quiet install --refresh --assumeyes --setopt=install_weak_deps=False python3-urllib3"
--- a/salt/reader/create.sls
+++ b/salt/reader/create.sls
@ -48,8 +48,10 @@ features:
 - enable:
  - appmenus-dispvm
 - set:
  # editorconfig-checker-disable
  - default-menu-items: "qusal-mullvad-browser.desktop org.mozilla.firefox.desktop firefox.desktop firefox-esr.desktop chromium.desktop google-chrome.desktop qubes-run-terminal.desktop qubes-start.desktop libreoffice-base.desktop libreoffice-calc.desktop libreoffice-draw.desktop libreoffice-impress.desktop libreoffice-math.desktop libreoffice-startcenter.desktop libreoffice-writer.desktop org.gnome.Evince.desktop qubes-open-file-manager.desktop" # noqa: 204
  - menu-items: "qusal-mullvad-browser.desktop org.mozilla.firefox.desktop firefox.desktop firefox-esr.desktop chromium.desktop google-chrome.desktop qubes-run-terminal.desktop qubes-start.desktop libreoffice-base.desktop libreoffice-calc.desktop libreoffice-draw.desktop libreoffice-impress.desktop libreoffice-math.desktop libreoffice-startcenter.desktop libreoffice-writer.desktop org.gnome.Evince.desktop qubes-open-file-manager.desktop" # noqa: 204
  # editorconfig-checker-enable
 {%- endload %}
 {{ load(defaults) }}
--- a/salt/sys-bitcoin/files/server/bin/bitcoin-rpcwhitelist-cookie
+++ b/salt/sys-bitcoin/files/server/bin/bitcoin-rpcwhitelist-cookie
@ -8,7 +8,8 @@ set -eu
 conf="${HOME}/.bitcoin/conf.d/cookie.conf"
 if ! systemctl is-active bitcoind >/dev/null 2>&1; then
-  echo "systemd service 'bitcoind' is not active, remote RPC cannot add crendtials" >&2
+  echo "systemd service 'bitcoind' is inactive" >&2
  echo "remote RPC can't add crendetials" >&2
  exit 1
 fi
--- a/salt/sys-bitcoin/files/server/bin/bitcoin-whitepaper
+++ b/salt/sys-bitcoin/files/server/bin/bitcoin-whitepaper
@ -25,7 +25,7 @@ check_installed(){
      missing_programs=1
    fi
  done
-  if test "${missing_programs}"; then
+  if test "${missing_programs}" = "1"; then
    exit 1
  fi
 }
@ -45,7 +45,10 @@ getblock(){
  check_installed bitcoin-cli xxd
  bitcoin-cli getblock "${block_hash}" 0 \
    | tail -c+92167 \
-    | for ((o=0;o<946;++o)); do read -rN420 x; echo -n "${x::130}${x:132:130}${x:264:130}" ; done \
+    | for ((o=0;o<946;++o)); do \
        read -rN420 x; \
        echo -n "${x::130}${x:132:130}${x:264:130}"; \
      done \
    | xxd -r -p \
    | tail -c+9 \
    | head -c184292 \
@ -77,15 +80,15 @@ gettxout(){
 }
 usage(){
-  echo "Usage: ${0##*/} getblock|getrawtransaction|gettxtout [DIR]"
+  echo "Usage: ${0##*/} getblock|getrawtransaction|gettxout [DIR]"
-  echo "Note: gettxtout works with pruned node"
+  echo "Note: gettxout works with pruned node"
  echo "Note: DIR defaults to \$HOME"
  exit 1
 }
 case "${1:-}" in
-  "getblock"|"getrawtransaction"|"gettxtout")
+  "getblock"|"getrawtransaction"|"gettxout")
-    test -z "${2}" || dir="${2}"
+    test -z "${2-}" || dir="${2}"
    validate_dir "${dir}"
    output_file="${dir}/${file}"
    "${1}"
--- a/salt/sys-bitcoin/files/server/rpc/qusal.BitcoinAuthGet
+++ b/salt/sys-bitcoin/files/server/rpc/qusal.BitcoinAuthGet
@ -14,7 +14,8 @@ bitcoin_pass="/home/user/.bitcoin/rpcclient.pass"
 user="${QREXEC_REMOTE_DOMAIN}"
 if ! systemctl is-active bitcoind >/dev/null 2>&1; then
-  echo "systemd service 'bitcoind' is not active, cannot add credentials with remote RPC" >&2
+  echo "systemd service 'bitcoind' is not active" >&2
  echo "cannot add credentials with remote RPC" >&2
  exit 1
 fi
--- a/salt/sys-cacher/files/admin/tag.py
+++ b/salt/sys-cacher/files/admin/tag.py
@ -10,7 +10,7 @@ import argparse
 import qubesadmin  # pylint: disable=import-error
 import qubesadmin.vm  # pylint: disable=import-error
-def get_cacher_tagged_qubes(qubes, wanted_dist, extraneous=False):
+def get_clients(qubes, wanted_dist, extraneous=False):
    """Get qubes tagged for ACNG"""
    domains = []
    for qube in qubes.domains:  # pylint: disable=invalid-name
@ -51,8 +51,7 @@ def main():  # pylint: disable=missing-function-docstring
    wanted_dist = ["debian", "fedora", "arch", "ubuntu", "kicksecure"]
    qubes = qubesadmin.Qubes()
-    domains = get_cacher_tagged_qubes(qubes, wanted_dist,
+    domains = get_clients(qubes, wanted_dist, extraneous=args.extraneous)
                                      extraneous=args.extraneous)
    print("\n".join(domains))
--- a/salt/sys-cacher/files/browser/rc.local.d/50-sys-cacher.rc
+++ b/salt/sys-cacher/files/browser/rc.local.d/50-sys-cacher.rc
@ -4,6 +4,7 @@
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
-cp -r /rw/config/systemd/qusal-acng-browser-forwarder* /usr/lib/systemd/system/
+cp -r /rw/config/systemd/qusal-acng-browser-forwarder* \
  /usr/lib/systemd/system/
 systemctl daemon-reload
 systemctl --no-block restart qusal-acng-browser-forwarder.socket
--- a/salt/sys-cacher/files/client/bin/apt-cacher-ng-repo
+++ b/salt/sys-cacher/files/client/bin/apt-cacher-ng-repo
@ -30,23 +30,27 @@ set_proxy_marker(){
  if ! grep -q "^${marker_begin}$" "${proxy_file}"; then
    if grep -q "^${marker_end}$" "${proxy_file}"; then
-      echo "Error: found marker ${marker_end_text} but not ${marker_begin_text} in ${proxy_file}" >&2
+      msg="found marker ${marker_end_text} but not ${marker_begin_text}"
-      echo "Fix the file by either removing both markers or adding missing ones and retry" >&2
+      msg="${msg} in ${proxy_file}."
      msg="${msg} fix it by removing markers or adding missing ones and retry"
      echo "Error: ${msg}" >&2
      exit 1
    fi
    cp "${proxy_file}" "${proxy_file}.qubes-orig"
    echo "${marker_begin}" | tee -a "${proxy_file}" >/dev/null
    echo "${marker_end}" | tee -a "${proxy_file}" >/dev/null
  elif ! grep -q "^${marker_end}$" "${proxy_file}"; then
-    echo "Error: found marker ${marker_begin_text} but not ${marker_end_text} in ${proxy_file}" >&2
+    msg="found marker ${marker_begin_text} but not ${marker_end_text}"
-    echo "Fix the file by either removing both markers or adding missing ones and retry" >&2
+    msg="${msg} in ${proxy_file}."
    msg="${msg} fix it by removing markers or adding missing ones and retry"
    echo "error: ${msg}" >&2
    exit 1
  fi
  proxy_tmp_file="$(mktemp)"
  cat >"${proxy_tmp_file}" <<EOF
-# The text between ${marker_begin_text} and ${marker_end_text} is automatically
+# The text between ${marker_begin_text} and ${marker_end_text} is
-# generated by $0. All changes here will be overridden.
+# automatically generated by $0. All changes here will be overridden.
 # You can override options after the ${marker_end_text}.
 ${proxy_options}
 EOF
@ -76,7 +80,7 @@ check_netvm_cacher(){
  if test -f /var/run/qubes-service/netvm-cacher; then
    proxy_host="$(qubesdb-read /qubes-gateway)"
    if test -z "${proxy_host}"; then
-      echo "Error: service netvm-cacher enabled but netvm IP was not found" >&2
+      echo "Error: service netvm-cacher enabled but netvm IP not found" >&2
      return 1
    fi
  fi
@ -120,9 +124,14 @@ EOF
    case "${action}" in
      install)
        baseurl_search="baseurl\s*=\s*https://"
        baseurl_repl="baseurl=http://HTTPS///"
        meta_search="metalink\s*=\s*https://"
        meta_repl="metalink=http://HTTPS///"
        baseurl_expr="s|${baseurl_search}|${baseurl_repl}|w ${changes_file}"
        meta_expr="s|${meta_search}|${meta_repl}|w ${changes_file}"
        find "${@}" -type f -exec sed -i \
-          -e "s|baseurl\s*=\s*https://|baseurl=http://HTTPS///|w ${changes_file}" \
+          -e "${baseurl_expr}" -e "${meta_expr}" \
          -e "s|metalink\s*=\s*https://|metalink=http://HTTPS///|w ${changes_file}" \
        {} \+
        set --
@ -136,16 +145,26 @@ EOF
        done
        test -n "${*}" || return 0
        baseurl_search="^\s*#.*baseurl"
        baseurl_repl="baseurl"
        meta_search="^\s*metalink\s*=\s*"
        meta_expr="#metalink="
        baseurl_expr="s|${baseurl_search}|${baseurl_repl}|w ${changes_file}"
        meta_expr="s|${meta_search}|${meta_repl}|w ${changes_file}"
        find "${@}" -type f -exec sed -i \
-          -e "s|^\s*#.*baseurl|baseurl|w ${changes_file}" \
+          -e "${baseurl_expr}" -e "${meta_expr}" \
          -e "s|^\s*metalink\s*=\s*|#metalink=|w ${changes_file}" \
        {} \+
        ;;
      uninstall)
        baseurl_search="baseurl\s*=\s*http://HTTPS///"
        baseurl_repl="baseurl=https://"
        meta_search="metalink\s*=\s*http://HTTPS///"
        meta_repl="metalink=https://"
        baseurl_expr="s|${baseurl_search}|${baseurl_repl}|w ${changes_file}"
        meta_expr="s|${meta_search}|${meta_repl}|w ${changes_file}"
        find "${@}" -type f -exec sed -i \
-          -e "s|baseurl\s*=\s*http://HTTPS///|baseurl=https://|w ${changes_file}" \
+          -e "${baseurl_expr}" -e "${meta_expr}" \
          -e "s|metalink\s*=\s*http://HTTPS///|metalink=https://|w ${changes_file}" \
        {} \+
        set --
@ -194,16 +213,26 @@ EOF
    case "${action}" in
      install)
        sources_search="URIs:\s*https://"
        sources_repl="URIs: http://HTTPS///"
        list_search="^\s*\(#*\)\s*deb\(.*\)https://"
        list_repl="\1deb\2http://HTTPS///"
        sources_expr="s|${sources_search}|${sources_repl}|w ${changes_file}"
        list_expr="s|${list_search}|${list_repl}|w ${changes_file}"
        find "${@}" -type f -exec sed -i \
-          -e "s|URIs:\s*https://|URIs: http://HTTPS///|w ${changes_file}" \
+          -e "${list_expr}" -e "${sources_expr}" \
          -e "s|^\s*\(#*\)\s*deb\(.*\)https://|\1deb\2http://HTTPS///|w ${changes_file}" \
        {} \+
        ;;
      uninstall)
        sources_search="URIs:\s*http://HTTPS///"
        sources_repl="URIs: https://"
        list_search="^\s*\(#*\)\s*deb\(.*\)http://HTTPS///"
        list_repl="\1deb\2https://"
        sources_expr="s|${sources_search}|${sources_repl}|w ${changes_file}"
        list_expr="s|${list_search}|${list_repl}|w ${changes_file}"
        find "${@}" -type f -exec sed -i \
-          -e "s|URIs:\s*http://HTTPS///|URIs: https://|w ${changes_file}" \
+          -e "${list_expr}" -e "${sources_expr}" \
          -e "s|^\s*\(#*\)\s*deb\(.*\)http://HTTPS///|\1deb\2https://|w ${changes_file}" \
        {} \+
        ;;
    esac
@ -242,21 +271,27 @@ EOF
    case "${action}" in
      install)
        repo_search="Server\s*=\s*https://" \
        repo_repl="Server = http://HTTPS///"
        repo_regex="s|${repo_search}|${repo_repl}|w ${changes_file}"
        find "${@}" -type f -exec sed -i \
-          -e "s|Server\s*=\s*https://|Server = http://HTTPS///|w ${changes_file}" \
+          -e "${repo_regex}" \
        {} \+
        ;;
      uninstall)
        repo_search="Server\s*=\s*http://HTTPS///"
        repo_repl="Server = https://"
        repo_regex="s|${repo_search}|${repo_repl}|w ${changes_file}"
        find "${@}" -type f -exec sed -i \
-          -e "s|Server\s*=\s*http://HTTPS///|Server = https://|w ${changes_file}" \
+          -e "${repo_regex}" \
        {} \+
        ;;
    esac
  else
    ## Gentoo: upstream does not have a good solution:
-    ##   https://wiki.gentoo.org/wiki/Local_distfiles_cache#Configuring_for_Gentoo
+    ## https://wiki.gentoo.org/wiki/Local_distfiles_cache#Configuring_for_Gentoo
    reject_os
  fi
 }
--- a/salt/sys-electrs/clone.sls
+++ b/salt/sys-electrs/clone.sls
@ -9,6 +9,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 {{ clone_template('debian-minimal', 'electrs-builder', include_create=False) }}
 {#
 # editorconfig-checker-disable
 TODO: Recheck: Cargo index fetch isis too big to be fetched over tor.
 Impossible to fetch Cargo index over tor as of Bookworm Cargo 1.65.
 Cargo >=1.68 does support "sparse" registry protocol,
@ -36,4 +37,5 @@ Caused by:
 {#
 {{ clone_template(['debian-minimal', 'whonix-workstation'], sls_path) }}
 {{ clone_template('whonix-workstation', 'electrs-builder', include_create=False) }}
 # editorconfig-checker-enable
 #}
--- a/salt/sys-git/files/client/git-core/git-init-qrexec
+++ b/salt/sys-git/files/client/git-core/git-init-qrexec
@ -11,14 +11,16 @@ case "${GIT_TRACE_HELPER:-}" in
 esac
 usage(){
-  echo "Usage: ${helper} [<qube>] [<repository>]"
+  echo "Usage: ${helper} [<qube>] [<repository>]" >&2
-  echo "Note: qube defaults to '@default' and repository to the current repository"
+  echo "Note: qube defaults to @default" >&2
  echo "Note: repository defaults to current working repository" >&2
  exit 1
 }
 is_git_repo(){
  if ! git rev-parse --show-toplevel >/dev/null 2>&1; then
-    echo "Error: Either run from inside a git repository or provide it as an argument" >&2
+    echo "Error: Current working directory is not in a git repository" >&2
    echo "Error: Run from a repository or pass the name as an argument" >&2
    usage
  fi
 }
@ -49,7 +51,8 @@ elif command -v qrexec-client >/dev/null; then
    die "Qube doesn't exist: '${authority}'"
  fi
  qvm-start --skip-if-running -- "${authority}"
-  exec qrexec-client -tT -d "${authority}" -- "DEFAULT:QUBESRPC ${rpc_cmd} dom0"
+  rpc_cmd="DEFAULT:QUBESRPC ${rpc_cmd} dom0"
  exec qrexec-client -tT -d "${authority}" -- "${rpc_cmd}"
 fi
 die "Qrexec programs not found: qrexec-client-vm, qrexec-client"
--- a/salt/sys-git/files/client/git-core/git-remote-qrexec
+++ b/salt/sys-git/files/client/git-core/git-remote-qrexec
@ -12,7 +12,9 @@
 set -eu
 usage(){
-  echo "Usage: ${helper} <remote> [${scheme}://<authority>/<path>[?query=value][&other_query=value]]" >&2
+  url_format="${scheme}://<authority>/<path>"
  url_format="${url_format}[?query=value][&other_query=value]"
  echo "Usage: ${helper} <remote> [${url_format}]" >&2
 }
 die(){
--- a/salt/sys-git/files/client/git-core/git-remote-qrexec-connect
+++ b/salt/sys-git/files/client/git-core/git-remote-qrexec-connect
@ -76,8 +76,9 @@ elif command -v qrexec-client >/dev/null; then
    die "Qube doesn't exist: '${authority}'"
  fi
  qvm-start --skip-if-running -- "${authority}"
-  log "->" qrexec-client -T -d "${authority}" -- "DEFAULT:QUBESRPC ${rpc_cmd} dom0"
+  rpc_cmd="DEFAULT:QUBESRPC ${rpc_cmd} dom0"
-  exec qrexec-client -T -d "${authority}" -- "DEFAULT:QUBESRPC ${rpc_cmd} dom0"
+  log "->" qrexec-client -T -d "${authority}" -- "${rpc_cmd}"
  exec qrexec-client -T -d "${authority}" -- "${rpc_cmd}"
 fi
 die "Qrexec programs not found: qrexec-client-vm, qrexec-client"
--- a/salt/sys-git/files/server/rpc/qusal.GitInit
+++ b/salt/sys-git/files/server/rpc/qusal.GitInit
@ -1,6 +1,6 @@
 #!/bin/sh
-# SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
@ -24,7 +24,10 @@ fi
 if ! (echo "${untrusted_repo}" | grep -q "^[A-Za-z0-9][A-Za-z0-9_.-]\+$")
 then
-  die "Forbidden characters in repository name. Allowed chars: letters, numbers, hyphen, underscore and dot. It cannot begin with hyphen, underscore or dot"
+  msg="Forbidden characters in agent name."
  msg="${msg} Allowed chars: letters, numbers, hyphen, underscore and dot."
  msg="${msg} Name cannot begin with hyphen, underscore or dot"
  die "${msg}"
 fi
 ## Length arbitrarily set.
@ -52,7 +55,8 @@ esac
 if test "${action}" != "Init"; then
  test -d "${path}" || die "Directory doesn't exist: ${repo}"
-  git -C "${path}" rev-parse >/dev/null 2>&1 || die "Not a git repository: ${repo}"
+  git -C "${path}" rev-parse >/dev/null 2>&1 ||
    die "Not a git repository: ${repo}"
  is_bare="$(git -C "${path}" rev-parse --is-bare-repository)"
  test "${is_bare}" = "true" || die "Not a bare repository: ${repo}"
 fi
--- a/salt/sys-net/files/server/rpc/qusal.ConnectTCP
+++ b/salt/sys-net/files/server/rpc/qusal.ConnectTCP
@ -6,11 +6,11 @@
 ## How to use with SSH?
 ## On Dom0 Qrexec policy:
-##   qusal.ConnectTCP +domain.tld+22 sshclient @default ask default_target=sshproxy
+##   qusal.ConnectTCP +domain.tld+22 client @default ask default_target=proxy
 ## On Dom0, enable the "qusal-proxy-client" service for the client qube:
-##   qvm-features sshclient service.qusal-proxy-client 1
+##   qvm-features client service.qusal-proxy-client 1
 ## On the SSH Proxy server (netvm of your liking), install this RPC service.
-##   qubesctl --skip-dom0 --targets=sshproxy state.apply sys-net.install-proxy
+##   qubesctl --skip-dom0 --targets=proxy state.apply sys-net.install-proxy
 ## On the client ssh configuration:
 ##   Match Exec "test -f /var/run/qubes-service/qusal-proxy-client"
 ##           ProxyCommand qrexec-client-vm @default qusal.ConnectTCP+%h+%p
--- a/salt/sys-ssh-agent/files/server/rpc/qusal.SshAgent
+++ b/salt/sys-ssh-agent/files/server/rpc/qusal.SshAgent
@ -1,21 +1,28 @@
 #!/bin/sh
-# SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 set -eu
 die(){
  echo "error: ${1}" >&2
  exit 1
 }
 untrusted_agent="$QREXEC_SERVICE_ARGUMENT"
 if test -z "${untrusted_agent}"; then
-  echo "Agent name is empty" >&2
+  die "Agent name is empty"
  exit 1
 fi
 if ! (echo "${untrusted_agent}" | grep -q "^[A-Za-z0-9][A-Za-z0-9_.-]\+$")
 then
-  die "Forbidden characters in agent name. Allowed chars: letters, numbers, hyphen, underscore and dot. It cannot begin with hyphen, underscore or dot"
+  msg="Forbidden characters in agent name."
  msg="${msg} Allowed chars: letters, numbers, hyphen, underscore and dot."
  msg="${msg} Name cannot begin with hyphen, underscore or dot"
  die "${msg}"
 fi
 ## Length arbitrarily set.
--- a/salt/sys-syncthing/files/browser/rc.local.d/50-sys-syncthing.rc
+++ b/salt/sys-syncthing/files/browser/rc.local.d/50-sys-syncthing.rc
@ -4,6 +4,7 @@
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
-cp -r /rw/config/systemd/qusal-syncthing-browser-forwarder* /usr/lib/systemd/system/
+cp -r /rw/config/systemd/qusal-syncthing-browser-forwarder* \
  /usr/lib/systemd/system/
 systemctl daemon-reload
 systemctl --no-block restart qusal-syncthing-browser-forwarder.socket
--- a/salt/sys-wireguard/files/admin/bin/qvm-wireguard
+++ b/salt/sys-wireguard/files/admin/bin/qvm-wireguard
@ -48,7 +48,8 @@ qvm-run -u root "$qube" -- "cp ${user_conf} ${system_conf}"
 ## TOFU
 # shellcheck disable=SC2016
-endpoint="$(qvm-run -p -u root "$qube" -- awk '/Endpoint/{print $3}' "${system_conf}")"
+endpoint="$(qvm-run -p -u root "$qube" -- awk '/Endpoint/{print $3}' \
  "${system_conf}")"
 if echo "${endpoint}" | grep -qF "["; then
  ip="${ip##[\[]}"
  ip="${ip%%\]*}"
@ -70,8 +71,10 @@ fi
 echo "Firewalling $qube to reach only '$ip:$port'"
 qvm-firewall --verbose -- "$qube" reset
 qvm-firewall --verbose -- "$qube" del --rule-no 0
-qvm-firewall --verbose -- "$qube" add accept dsthost="$ip" dstports="$port" proto=udp
+qvm-firewall --verbose -- "$qube" add accept dsthost="$ip" dstports="$port" \
-qvm-firewall --verbose -- "$qube" add accept dsthost="$ip" dstports="$port" proto=tcp
+  proto=udp
 qvm-firewall --verbose -- "$qube" add accept dsthost="$ip" dstports="$port" \
  proto=tcp
 qvm-firewall --verbose -- "$qube" add drop
 if qvm-check -q --paused -- "$qube" >/dev/null 2>&1; then
--- a/salt/sys-wireguard/files/server/qubes-firewall.d/50-sys-wireguard-var
+++ b/salt/sys-wireguard/files/server/qubes-firewall.d/50-sys-wireguard-var
@ -21,7 +21,9 @@ set_nft_dnat(){
  ipv="${1}" # empty(4), 6
  proto="${2}" # tcp, udp
  dns_host="${3}"
-  set_nft "insert rule ip${ipv} qubes custom-dnat iifgroup 2 ${proto} dport 53 dnat to ${dns_host}"
+  rule_prefix="insert rule ip${ipv} qubes custom-dnat iifgroup 2 ${proto}"
  rule_suffix="dport 53 dnat to ${dns_host}"
  set_nft "${rule_prefix} ${rule_suffix}"
 }
 dns="$(grep -s "^\s*DNS\s*=\s*\S\+" "${wg_conf}" | sed "s/.*=//;s/ //g")"
--- a/scripts/markdown-lint.sh
+++ b/scripts/markdown-lint.sh
@ -40,8 +40,8 @@ fi
 case "${find_tool}" in
  fd|fdfind)
-    files="$(${find_tool} . --hidden --exclude .github --type=f --extension=md)"
+    files="$(${find_tool} . -H -E .github -t f -e md)"
-    extra_files="$(${find_tool} . --hidden --type=f --extension=md .github)"
+    extra_files="$(${find_tool} . -H -t f -e md .github)"
    ;;
  find)
    files="$(find . -not -path './.github/*' -type f -name "*.md")"
--- a/scripts/qubesbuilder-gen.sh
+++ b/scripts/qubesbuilder-gen.sh
@ -20,13 +20,14 @@ if test "${1-}" = "test"; then
 fi
 ignored="$(git ls-files --exclude-standard --others --ignored salt/)"
 untracked="$(git ls-files --exclude-standard --others salt/)"
-unwanted="$(printf %s"${ignored}\n${untracked}\n" | grep "^salt/\S\+/README.md" \
+unwanted="$(printf %s"${ignored}\n${untracked}\n" |
-            | cut -d "/" -f2 | sort -u)"
+  grep "^salt/\S\+/README.md" | cut -d "/" -f2 | sort -u)"
 group="$(./scripts/spec-get.sh dom0 group)"
-projects="$(find salt/ -mindepth 1 -maxdepth 1 -type d \
+projects="$(find salt/ -mindepth 1 -maxdepth 1 -type d | sort -d |
-            | sort -d | sed "s|^salt/\(\S\+\)|      - rpm_spec/${group}-\1.spec|")"
+  sed "s|^salt/\(\S\+\)|      - rpm_spec/${group}-\1.spec|")"
 for unwanted_project in ${unwanted}; do
-  projects="$(echo "${projects}" | sed "\@rpm_spec/${group}-${unwanted_project}.spec@d")"
+  projects="$(echo "${projects}" |
    sed "\@rpm_spec/${group}-${unwanted_project}.spec@d")"
 done
 if test "${1-}" = "print"; then
--- a/scripts/salt-fix.sh
+++ b/scripts/salt-fix.sh
@ -18,8 +18,14 @@ cd "$(git rev-parse --show-toplevel)" || exit 1
 find_tool="$(./scripts/best-program.sh fd fdfind find)"
 case "${find_tool}" in
-  fd|fdfind) files="$(${find_tool} . minion.d/ --extension=conf) $(${find_tool} . salt/ --max-depth=2 --type=f --extension=sls)";;
+  fd|fdfind)
-  find) files="$(find minion.d/ -type f -name "*.conf") $(find salt/ -maxdepth 2 -type f -name '*.sls')";;
+    files="$(${find_tool} . minion.d/ --extension=conf)
      $(${find_tool} . salt/ --max-depth=2 --type=f --extension=sls)"
    ;;
  find)
    files="$(find minion.d/ -type f -name "*.conf")
      $(find salt/ -maxdepth 2 -type f -name '*.sls')"
    ;;
 esac
 ## 201 - Fix trailing whitespace:
--- a/scripts/salt-lint.sh
+++ b/scripts/salt-lint.sh
@ -31,8 +31,15 @@ if test -n "${1-}"; then
 fi
 case "${find_tool}" in
-  fd|fdfind) files="$(${find_tool} . minion.d/ --extension=conf) $(${find_tool} . salt/ --max-depth=2 --type=f --extension=sls --extension=top | sort -d)";;
+  fd|fdfind)
-  find) files="$(find minion.d/ -type f -name "*.conf") $(find salt/* -maxdepth 2 -type f \( -name '*.sls' -o -name '*.top' \) | sort -d)";;
+    files="$(${find_tool} . minion.d/ --e  conf)
    $(${find_tool} . salt/ -d 2 -t f -e sls -e top | sort -d)"
    ;;
  find)
    files="$(find minion.d/ -type f -name "*.conf")
    $(find salt/* -maxdepth 2 -type f \( -name '*.sls' -o -name '*.top' \) |
      sort -d)"
    ;;
 esac
 exec salt-lint ${conf} ${files}
--- a/scripts/shell-lint.sh
+++ b/scripts/shell-lint.sh
@ -13,8 +13,38 @@ command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; }
 cd "$(git rev-parse --show-toplevel)" || exit 1
 ./scripts/requires-program.sh shellcheck file
 exit_code=0
 find_tool="$(./scripts/best-program.sh fd fdfind find)"
 show_long_lines(){
  tty_stderr=0
  if test -t 2; then
    tty_stderr=1
  fi
  awk -v color="${tty_stderr}" '
    BEGIN {
      MAGENTA=""
      GREEN=""
      RESET=""
      if (color == 1) {
        MAGENTA="\033[1;35m"
        GREEN="\033[1;32m"
        RESET="\033[0m"
      }
    }
    {
    nlines++;
    if (length > 78 && !/^\s*#.*(:\/\/|SPDX-)/) {
      exit_code=1
      prefix = MAGENTA FILENAME RESET ":" GREEN FNR RESET
      print prefix ": line too long: " length " > 78" >"/dev/stderr"
      if (nlines==NR) { if (exit_code==1) { exit 1; }; }
    }
    if (nlines==NR) { if (exit_code==1) { exit 1; }; }
  }
  ' "${@}" >&2
 }
 if test -n "${1-}"; then
  files=""
  sh_files=""
@ -32,31 +62,40 @@ if test -n "${1-}"; then
  if test -z "$files" && test -z "$sh_files"; then
    exit 0
  fi
-  test -z "$files" || shellcheck ${files}
+  if test -n "${files}" || test -n "${sh_files}"; then
-  test -z "$sh_files" || shellcheck -s sh ${sh_files}
+    show_long_lines ${files} ${sh_files} || exit_code=1
-  exit
+  fi
  if test -n "${files}"; then
    shellcheck ${files} || exit_code=1
  fi
  if test -n "${sh_files}"; then
    shellcheck -s sh ${sh_files} || exit_code=1
  fi
  exit "${exit_code}"
 fi
 case "${find_tool}" in
  fd|fdfind)
    # shellcheck disable=2016,2215
-    files="$(${find_tool} . scripts/ salt/ --hidden --exclude=zsh --type=f \
+    files="$(${find_tool} . scripts/ salt/ -H -E zsh -t f -X file |
-              --exec-batch file | awk -F ":" '/ shell script,/{ print $1 }')"
+      awk -F ":" '/ shell script,/{ print $1 }')"
    ## No Shebang
    sh_files="$(${find_tool} rc.local salt/ --type=f)"
    ;;
  find)
    files="$(find scripts/ salt/ -not \( -path "*/zsh" -prune \) -type f \
-              -exec file {} \+ | awk -F ":" '/ shell script,/{ print $1 }')"
+      -exec file {} \+ | awk -F ":" '/ shell script,/{ print $1 }')"
    ## No Shebang
    sh_files="$(find salt/ -type f -name "rc.local")"
    ;;
 esac
-echo "${files}" | sort -u | tr " " "\n"
+files="$(echo "$files" | sort -u)"
-exit
+sh_files="$(echo "$sh_files" | sort -u)"
-#files="$(echo "$files" | sort -u)"
+show_long_lines ${files} ${sh_files} || exit_code=1
-#sh_files="$(echo "$sh_files" | sort -u)"
+shellcheck ${files} || exit_code=1
-#test -z "${files}" || shellcheck ${files}
+if test -n "$sh_files"; then
-#test -z "${sh_files}" || shellcheck -s sh ${sh_files}
+  shellcheck -s sh ${sh_files} || exit_code=1
 fi
 exit "${exit_code}"
--- a/scripts/spec-gen.sh
+++ b/scripts/spec-gen.sh
@ -27,8 +27,10 @@ escape_key(){
 ## Get scriptlet command, else fail safe.
 get_scriptlet(){
  scriptlet="$1"
  scriptlet_begin="-- pkg:begin:${scriptlet} --"
  scriptlet_end="-- pkg:end:${scriptlet} --"
  scriptlet="$(sed -n \
-    "/^<\!-- pkg:begin:${scriptlet} -->$/,/^<\!-- pkg:end:${scriptlet} -->$/p" \
+    "/^<\!${scriptlet_begin}>$/,/^<\!${scriptlet_end}>$/p" \
    "${readme}" | sed '/^```.*/d;/^\S*$/d;/^<\!-- pkg:/d;s/^sudo //')"
  if test -z "${scriptlet}"; then
    echo true
@ -159,7 +161,9 @@ if test "${1-}" = "test"; then
  shift
 fi
-if echo "${@}" | grep -qE "(^scripts/| scripts/|/template.spec)" || test -z "${1-}"; then
+if echo "${@}" | grep -qE "(^scripts/| scripts/|/template.spec)" ||
  test -z "${1-}"
 then
  # shellcheck disable=SC2046
  set -- $(find salt/ -mindepth 1 -maxdepth 1 -type d -printf '%f\n' \
            | sort -d | tr "\n" " ")
--- a/scripts/spec-get.sh
+++ b/scripts/spec-get.sh
@ -13,7 +13,7 @@ usage(){
  echo "Usage: ${0##*/} <NAME> <KEY>"
  echo "Example: ${0##*/} qubes-builder description"
  echo "Names: ${names}"
-  echo "Keys: ${keys}"
+  echo "Keys: $(echo "${keys}" | tr "\n" " ")"
 }
 block_max_chars(){
@ -21,13 +21,31 @@ block_max_chars(){
  char_value="${2}"
  less_than="${3}"
  if test "${#char_value}" -ge "${less_than}"; then
-    echo "Error: ${char_key} is too long. Must be less than ${less_than} chars." >&2
+    echo "Error: ${char_key} is too long. Must be <${less_than} chars." >&2
    echo "Key contents: ${char_value}" >&2
    exit 1
  fi
 }
-keys="name branch group file_roots requires packager vendor url bug_url version project project_dir changelog readme license_csv license description summary saltfiles"
+keys="name
 branch
 group
 file_roots
 requires
 packager
 vendor
 url
 bug_url
 version
 project
 project_dir
 changelog
 readme
 license_csv
 license
 description
 summary
 saltfiles"
 name=""
 key=""
@ -97,7 +115,10 @@ fi
 ## project per directory. The disadvantage of the changelog below is it
 # #doesn't differentiate commits per version and release, but per commit id.
 if test "${key}" = "changelog"; then
-  changelog="$(TZ=UTC0 git log -n 50 --format=format:"* %cd %an <%ae> - %h%n- %s%n" --date=format:"%a %b %d %Y" -- "${project_dir}" | sed -re "s/^- +- */- /")"
+  changelog="$(TZ=UTC0 git log -n 50 \
    --format=format:"* %cd %an <%ae> - %h%n- %s%n" \
    --date=format:"%a %b %d %Y" -- "${project_dir}" | \
    sed -re "s/^- +- */- /")"
 fi
 if test "${key}" = "description"; then
@ -117,7 +138,9 @@ if test "${key}" = "saltfiles" || test "${key}" = "requires"; then
  saltfiles="$(find "${project_dir}" -maxdepth 1 -name "*.sls")"
  # shellcheck disable=SC2086
  if test -n "${saltfiles}"; then
-    requires="$(sed -n '/^include:$/,/^\s*$/p' -- ${saltfiles} | sed "/^\s*- \./d;/{/d" | grep "^\s*- " | cut -d "." -f1 | sort -u | sed "s/- //")"
+    requires="$(sed -n '/^include:$/,/^\s*$/p' -- ${saltfiles} |
      sed "/^\s*- \./d;/{/d" | grep "^\s*- " | cut -d "." -f1 | sort -u |
      sed "s/- //")"
    if grep -qrn "{%-\? from \('\|\"\)utils" ${saltfiles}; then
      if test -n "${requires}"; then
        requires="${requires} utils"
--- a/scripts/toc-gen.sh
+++ b/scripts/toc-gen.sh
@ -37,6 +37,7 @@ for f in "$@"; do
  ## This is fragile, the table of contents should have at least one block
  ## separated by an empty line before the nest heading, else it will delete
  ## the rest of the file.
-  vim -c 'norm zRgg' -c '/^## Table of Contents$' -c 'norm jd}k' -c ':GenTocGFM' -c 'norm ddgg' -c wq -- "${f}"
+  vim -c 'norm zRgg' -c '/^## Table of Contents$' -c 'norm jd}k' \
      -c ':GenTocGFM' -c 'norm ddgg' -c wq -- "${f}"
  echo "Updated TOC in file: $f"
 done
		`@ -1 +1 @@`
			`Subproject commit a8129e053a38dc4c69b2010e5202c1632e67a69d`				`Subproject commit 024e9c469de634181ec77eb52420f25339f4f01e`