@@ -60,7 +60,7 @@ for HIER in $(cut -d: -f2 /proc/1/cgroup); do

 	mkdir -p "$CGROUP/$HIER"

-	if ! mountpoint -q $CGROUP/$HIER; then

+	if ! mountpoint -q "$CGROUP/$HIER"; then

 		mount -n -t cgroup -o "$OHIER" cgroup "$CGROUP/$HIER"

 	fi

@@ -252,7 +252,7 @@ bundle() {

 	bundlescript=$1

 	bundle=$(basename $bundlescript)

 	echo "---> Making bundle: $bundle (in bundles/$VERSION/$bundle)"

-	mkdir -p bundles/$VERSION/$bundle

+	mkdir -p "bundles/$VERSION/$bundle"

 	source "$bundlescript" "$(pwd)/bundles/$VERSION/$bundle"

 }

@@ -262,13 +262,13 @@ main() {

 	mkdir -p bundles

 	if [ -e "bundles/$VERSION" ]; then

 		echo "bundles/$VERSION already exists. Removing."

-		rm -fr bundles/$VERSION && mkdir bundles/$VERSION || exit 1

+		rm -fr "bundles/$VERSION" && mkdir "bundles/$VERSION" || exit 1

 		echo

 	fi

 	if [ "$(go env GOHOSTOS)" != 'windows' ]; then

 		# Windows and symlinks don't get along well

-		ln -sfT $VERSION bundles/latest

+		ln -sfT "$VERSION" bundles/latest

 	fi

 	if [ $# -lt 1 ]; then

@@ -277,7 +277,7 @@ main() {

 		bundles=($@)

 	fi

 	for bundle in ${bundles[@]}; do

-		bundle $SCRIPTDIR/make/$bundle

+		bundle "$SCRIPTDIR/make/$bundle"

 		echo

 	done

 }

@@ -30,4 +30,4 @@ else

 fi

 # sha1 our new dockerinit to ensure separate docker and dockerinit always run in a perfect pair compiled for one another

-export DOCKER_INITSHA1="$($sha1sum $DEST/dockerinit-$VERSION | cut -d' ' -f1)"

+export DOCKER_INITSHA1=$($sha1sum "$DEST/dockerinit-$VERSION" | cut -d' ' -f1)

@@ -27,4 +27,4 @@ else

 fi

 # sha1 our new dockerinit to ensure separate docker and dockerinit always run in a perfect pair compiled for one another

-export DOCKER_INITSHA1="$($sha1sum $DEST/dockerinit-$VERSION | cut -d' ' -f1)"

+export DOCKER_INITSHA1=$($sha1sum "$DEST/dockerinit-$VERSION" | cut -d' ' -f1)

@@ -2,8 +2,8 @@

 for pidFile in $(find "$DEST" -name docker.pid); do

 	pid=$(set -x; cat "$pidFile")

-	( set -x; kill $pid )

-	if ! wait $pid; then

+	( set -x; kill "$pid" )

+	if ! wait "$pid"; then

 		echo >&2 "warning: PID $pid from $pidFile had a nonzero exit code"

 	fi

 done

@@ -22,4 +22,4 @@ bundle_test_integration() {

 # spews when it is given packages that aren't used

 bundle_test_integration 2>&1 \

 	| grep --line-buffered -v '^warning: no packages being tested depend on ' \

-	| tee -a $DEST/test.log

+	| tee -a "$DEST/test.log"

@@ -85,4 +85,4 @@ go_run_test_dir() {

 	fi

 }

-bundle_test_unit 2>&1 | tee -a $DEST/test.log

+bundle_test_unit 2>&1 | tee -a "$DEST/test.log"

@@ -40,26 +40,26 @@ bundle_ubuntu() {

 	DIR=$DEST/build

 	# Include our udev rules

-	mkdir -p $DIR/etc/udev/rules.d

-	cp contrib/udev/80-docker.rules $DIR/etc/udev/rules.d/

+	mkdir -p "$DIR/etc/udev/rules.d"

+	cp contrib/udev/80-docker.rules "$DIR/etc/udev/rules.d/"

 	# Include our init scripts

-	mkdir -p $DIR/etc/init

-	cp contrib/init/upstart/docker.conf $DIR/etc/init/

-	mkdir -p $DIR/etc/init.d

-	cp contrib/init/sysvinit-debian/docker $DIR/etc/init.d/

-	mkdir -p $DIR/etc/default

-	cp contrib/init/sysvinit-debian/docker.default $DIR/etc/default/docker

-	mkdir -p $DIR/lib/systemd/system

-	cp contrib/init/systemd/docker.{service,socket} $DIR/lib/systemd/system/

+	mkdir -p "$DIR/etc/init"

+	cp contrib/init/upstart/docker.conf "$DIR/etc/init/"

+	mkdir -p "$DIR/etc/init.d"

+	cp contrib/init/sysvinit-debian/docker "$DIR/etc/init.d/"

+	mkdir -p "$DIR/etc/default"

+	cp contrib/init/sysvinit-debian/docker.default "$DIR/etc/default/docker"

+	mkdir -p "$DIR/lib/systemd/system"

+	cp contrib/init/systemd/docker.{service,socket} "$DIR/lib/systemd/system/"

 	# Include contributed completions

-	mkdir -p $DIR/etc/bash_completion.d

-	cp contrib/completion/bash/docker $DIR/etc/bash_completion.d/

-	mkdir -p $DIR/usr/share/zsh/vendor-completions

-	cp contrib/completion/zsh/_docker $DIR/usr/share/zsh/vendor-completions/

-	mkdir -p $DIR/etc/fish/completions

-	cp contrib/completion/fish/docker.fish $DIR/etc/fish/completions/

+	mkdir -p "$DIR/etc/bash_completion.d"

+	cp contrib/completion/bash/docker "$DIR/etc/bash_completion.d/"

+	mkdir -p "$DIR/usr/share/zsh/vendor-completions"

+	cp contrib/completion/zsh/_docker "$DIR/usr/share/zsh/vendor-completions/"

+	mkdir -p "$DIR/etc/fish/completions"

+	cp contrib/completion/fish/docker.fish "$DIR/etc/fish/completions/"

 	# Include contributed man pages

 	docs/man/md2man-all.sh -q

@@ -76,11 +76,11 @@ bundle_ubuntu() {

 	# Copy the binary

 	# This will fail if the binary bundle hasn't been built

-	mkdir -p $DIR/usr/bin

-	cp $DEST/../binary/docker-$VERSION $DIR/usr/bin/docker

+	mkdir -p "$DIR/usr/bin"

+	cp "$DEST/../binary/docker-$VERSION" "$DIR/usr/bin/docker"

 	# Generate postinst/prerm/postrm scripts

-	cat > $DEST/postinst <<'EOF'

+	cat > "$DEST/postinst" <<'EOF'

 #!/bin/sh

 set -e

 set -u

@@ -104,7 +104,7 @@ service docker $_dh_action 2>/dev/null || true

 #DEBHELPER#

 EOF

-	cat > $DEST/prerm <<'EOF'

+	cat > "$DEST/prerm" <<'EOF'

 #!/bin/sh

 set -e

 set -u

@@ -113,7 +113,7 @@ service docker stop 2>/dev/null || true

 #DEBHELPER#

 EOF

-	cat > $DEST/postrm <<'EOF'

+	cat > "$DEST/postrm" <<'EOF'

 #!/bin/sh

 set -e

 set -u

@@ -131,18 +131,18 @@ fi

 #DEBHELPER#

 EOF

 	# TODO swaths of these were borrowed from debhelper's auto-inserted stuff, because we're still using fpm - we need to use debhelper instead, and somehow reconcile Ubuntu that way

-	chmod +x $DEST/postinst $DEST/prerm $DEST/postrm

+	chmod +x "$DEST/postinst" "$DEST/prerm" "$DEST/postrm"

 	(

 		# switch directories so we create *.deb in the right folder

-		cd $DEST

+		cd "$DEST"

 		# create lxc-docker-VERSION package

-		fpm -s dir -C $DIR \

-			--name lxc-docker-$VERSION --version "$PKGVERSION" \

-			--after-install $DEST/postinst \

-			--before-remove $DEST/prerm \

-			--after-remove $DEST/postrm \

+		fpm -s dir -C "$DIR" \

+			--name "lxc-docker-$VERSION" --version "$PKGVERSION" \

+			--after-install "$DEST/postinst" \

+			--before-remove "$DEST/prerm" \

+			--after-remove "$DEST/postrm" \

 			--architecture "$PACKAGE_ARCHITECTURE" \

 			--prefix / \

 			--depends iptables \

@@ -184,8 +184,8 @@ EOF

 	)

 	# clean up after ourselves so we have a clean output directory

-	rm $DEST/postinst $DEST/prerm $DEST/postrm

-	rm -r $DIR

+	rm "$DEST/postinst" "$DEST/prerm" "$DEST/postrm"

+	rm -r "$DIR"

 }

 bundle_ubuntu

@@ -71,23 +71,23 @@ BUCKET=$AWS_S3_BUCKET

 setup_s3() {

 	# Try creating the bucket. Ignore errors (it might already exist).

-	s3cmd mb s3://$BUCKET 2>/dev/null || true

+	s3cmd mb "s3://$BUCKET" 2>/dev/null || true

 	# Check access to the bucket.

 	# s3cmd has no useful exit status, so we cannot check that.

 	# Instead, we check if it outputs anything on standard output.

 	# (When there are problems, it uses standard error instead.)

-	s3cmd info s3://$BUCKET | grep -q .

+	s3cmd info "s3://$BUCKET" | grep -q .

 	# Make the bucket accessible through website endpoints.

-	s3cmd ws-create --ws-index index --ws-error error s3://$BUCKET

+	s3cmd ws-create --ws-index index --ws-error error "s3://$BUCKET"

 }

 # write_to_s3 uploads the contents of standard input to the specified S3 url.

 write_to_s3() {

 	DEST=$1

 	F=`mktemp`

-	cat > $F

-	s3cmd --acl-public --mime-type='text/plain' put $F $DEST

-	rm -f $F

+	cat > "$F"

+	s3cmd --acl-public --mime-type='text/plain' put "$F" "$DEST"

+	rm -f "$F"

 }

 s3_url() {

@@ -246,20 +246,20 @@ release_build() {

 # 1. A full APT repository is published at $BUCKET/ubuntu/

 # 2. Instructions for using the APT repository are uploaded at $BUCKET/ubuntu/index

 release_ubuntu() {

-	[ -e bundles/$VERSION/ubuntu ] || {

+	[ -e "bundles/$VERSION/ubuntu" ] || {

 		echo >&2 './hack/make.sh must be run before release_ubuntu'

 		exit 1

 	}

 	# Sign our packages

 	dpkg-sig -g "--passphrase $GPG_PASSPHRASE" -k releasedocker \

-		--sign builder bundles/$VERSION/ubuntu/*.deb

+		--sign builder "bundles/$VERSION/ubuntu/"*.deb

 	# Setup the APT repo

 	APTDIR=bundles/$VERSION/ubuntu/apt

-	mkdir -p $APTDIR/conf $APTDIR/db

-	s3cmd sync s3://$BUCKET/ubuntu/db/ $APTDIR/db/ || true

-	cat > $APTDIR/conf/distributions <<EOF

+	mkdir -p "$APTDIR/conf" "$APTDIR/db"

+	s3cmd sync "s3://$BUCKET/ubuntu/db/" "$APTDIR/db/" || true

+	cat > "$APTDIR/conf/distributions" <<EOF

 Codename: docker

 Components: main

 Architectures: amd64 i386

@@ -267,19 +267,19 @@ EOF

 	# Add the DEB package to the APT repo

 	DEBFILE=bundles/$VERSION/ubuntu/lxc-docker*.deb

-	reprepro -b $APTDIR includedeb docker $DEBFILE

+	reprepro -b "$APTDIR" includedeb docker "$DEBFILE"

 	# Sign

 	for F in $(find $APTDIR -name Release); do

-		gpg -u releasedocker --passphrase $GPG_PASSPHRASE \

+		gpg -u releasedocker --passphrase "$GPG_PASSPHRASE" \

 			--armor --sign --detach-sign \

-			--output $F.gpg $F

+			--output "$F.gpg" "$F"

 	done

 	# Upload keys

-	s3cmd sync $HOME/.gnupg/ s3://$BUCKET/ubuntu/.gnupg/

-	gpg --armor --export releasedocker > bundles/$VERSION/ubuntu/gpg

-	s3cmd --acl-public put bundles/$VERSION/ubuntu/gpg s3://$BUCKET/gpg

+	s3cmd sync "$HOME/.gnupg/" "s3://$BUCKET/ubuntu/.gnupg/"

+	gpg --armor --export releasedocker > "bundles/$VERSION/ubuntu/gpg"

+	s3cmd --acl-public put "bundles/$VERSION/ubuntu/gpg" "s3://$BUCKET/gpg"

 	local gpgFingerprint=36A1D7869245C8950F966E92D8576A8BA88D21E9

 	if [[ $BUCKET == test* ]]; then

@@ -287,7 +287,7 @@ EOF

 	fi

 	# Upload repo

-	s3cmd --acl-public sync $APTDIR/ s3://$BUCKET/ubuntu/

+	s3cmd --acl-public sync "$APTDIR/" "s3://$BUCKET/ubuntu/"

 	cat <<EOF | write_to_s3 s3://$BUCKET/ubuntu/index

 # Check that HTTPS transport is available to APT

 if [ ! -e /usr/lib/apt/methods/https ]; then

@@ -312,14 +312,14 @@ EOF

 	# Add redirect at /ubuntu/info for URL-backwards-compatibility

 	rm -rf /tmp/emptyfile && touch /tmp/emptyfile

-	s3cmd --acl-public --add-header='x-amz-website-redirect-location:/ubuntu/' --mime-type='text/plain' put /tmp/emptyfile s3://$BUCKET/ubuntu/info

+	s3cmd --acl-public --add-header='x-amz-website-redirect-location:/ubuntu/' --mime-type='text/plain' put /tmp/emptyfile "s3://$BUCKET/ubuntu/info"

 	echo "APT repository uploaded. Instructions available at $(s3_url)/ubuntu"

 }

 # Upload binaries and tgz files to S3

 release_binaries() {

-	[ -e bundles/$VERSION/cross/linux/amd64/docker-$VERSION ] || {

+	[ -e "bundles/$VERSION/cross/linux/amd64/docker-$VERSION" ] || {

 		echo >&2 './hack/make.sh must be run before release_binaries'

 		exit 1

 	}

@@ -341,29 +341,29 @@ EOF

 	# Add redirect at /builds/info for URL-backwards-compatibility

 	rm -rf /tmp/emptyfile && touch /tmp/emptyfile

-	s3cmd --acl-public --add-header='x-amz-website-redirect-location:/builds/' --mime-type='text/plain' put /tmp/emptyfile s3://$BUCKET/builds/info

+	s3cmd --acl-public --add-header='x-amz-website-redirect-location:/builds/' --mime-type='text/plain' put /tmp/emptyfile "s3://$BUCKET/builds/info"

 	if [ -z "$NOLATEST" ]; then

 		echo "Advertising $VERSION on $BUCKET as most recent version"

-		echo $VERSION | write_to_s3 s3://$BUCKET/latest

+		echo "$VERSION" | write_to_s3 "s3://$BUCKET/latest"

 	fi

 }

 # Upload the index script

 release_index() {

-	sed "s,url='https://get.docker.com/',url='$(s3_url)/'," hack/install.sh | write_to_s3 s3://$BUCKET/index

+	sed "s,url='https://get.docker.com/',url='$(s3_url)/'," hack/install.sh | write_to_s3 "s3://$BUCKET/index"

 }

 release_test() {

 	if [ -e "bundles/$VERSION/test" ]; then

-		s3cmd --acl-public sync bundles/$VERSION/test/ s3://$BUCKET/test/

+		s3cmd --acl-public sync "bundles/$VERSION/test/" "s3://$BUCKET/test/"

 	fi

 }

 setup_gpg() {

 	# Make sure that we have our keys

-	mkdir -p $HOME/.gnupg/

-	s3cmd sync s3://$BUCKET/ubuntu/.gnupg/ $HOME/.gnupg/ || true

+	mkdir -p "$HOME/.gnupg/"

+	s3cmd sync "s3://$BUCKET/ubuntu/.gnupg/" "$HOME/.gnupg/" || true

 	gpg --list-keys releasedocker >/dev/null || {

 		gpg --gen-key --batch <<EOF

 Key-Type: RSA