From be048ee8735644a665073ca7cc66c638903277ed Mon Sep 17 00:00:00 2001
From: delta-cloud-208e <delta-cloud-208e@device.local>
Date: Sun, 8 Mar 2026 10:43:06 +0000
Subject: [PATCH] fix: audit fixes across all install/update scripts
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- codex/ucodex_update.sh: fix ${NC} → ${RESET} (crashed with set -u), fix CRLF
- gemini/ugemini_install.sh: read API_KEY/BASE_URL from config instead of hardcoded, fix "source ~/.bashrc" → "source /etc/profile.d/gemini-cli.sh"
- qwen/uqwen_install.sh: read API_KEY/BASE_URL from config instead of hardcoded

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 codex/ucodex_update.sh    | 258 +++++++++++++++++++-------------------
 gemini/ugemini_install.sh |   8 +-
 qwen/uqwen_install.sh     |   4 +-
 3 files changed, 135 insertions(+), 135 deletions(-)

diff --git a/codex/ucodex_update.sh b/codex/ucodex_update.sh
index 53e8c42..29840a8 100644
--- a/codex/ucodex_update.sh
+++ b/codex/ucodex_update.sh
@@ -1,129 +1,129 @@
-#!/usr/bin/env bash
-# Codex CLI — Updater
-# Downloads latest binary from GitHub + re-applies config patches.
-#
-# Usage: sudo bash ucodex_update.sh
-set -euo pipefail
-
-REPO_RAW="https://git.sensey24.ru/aibot777/unlimitedcoding/raw/branch/master/codex"
-GITHUB_API="https://api.github.com/repos/openai/codex/releases/latest"
-
-GREEN="\033[92m"
-CYAN="\033[96m"
-YELLOW="\033[93m"
-RED="\033[91m"
-BOLD="\033[1m"
-RESET="\033[0m"
-
-log()  { echo -e "${GREEN}[+]${RESET} $*"; }
-info() { echo -e "${CYAN}[i]${RESET} $*"; }
-warn() { echo -e "${YELLOW}[~]${RESET} $*"; }
-err()  { echo -e "${RED}[!]${RESET} $*" >&2; }
-
-echo -e "${BOLD}"
-echo "  +--------------------------------------+"
-echo "  |    Codex CLI — Updater               |"
-echo "  +--------------------------------------+"
-echo -e "${RESET}"
-
-# ---- Check current version ----
-
-OLD_VER="not installed"
-if command -v codex &>/dev/null; then
-    OLD_VER=$(codex --version 2>/dev/null | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -1 || echo "unknown")
-    info "Current version: $OLD_VER"
-fi
-
-# ---- Get latest version ----
-
-info "Checking latest version..."
-LATEST_VER=$(curl -s "$GITHUB_API" | grep -oP '"tag_name":\s*"rust-v\K[0-9]+\.[0-9]+\.[0-9]+' | head -1)
-
-if [ -z "$LATEST_VER" ]; then
-    err "Could not fetch latest version from GitHub"
-    exit 1
-fi
-info "Latest version: $LATEST_VER"
-
-if [ "$OLD_VER" = "$LATEST_VER" ]; then
-    log "Already up to date ($LATEST_VER)"
-else
-    # ---- Download binary ----
-    ARCH=$(uname -m)
-    case "$ARCH" in
-        x86_64)  BINARY_SUFFIX="x86_64-unknown-linux-musl" ;;
-        aarch64|arm64) BINARY_SUFFIX="aarch64-unknown-linux-musl" ;;
-        *) err "Unsupported architecture: $ARCH"; exit 1 ;;
-    esac
-
-    DOWNLOAD_URL="https://github.com/openai/codex/releases/download/rust-v${LATEST_VER}/codex-${BINARY_SUFFIX}.tar.gz"
-    TEMP_DIR=$(mktemp -d)
-
-    info "Downloading codex-${BINARY_SUFFIX}..."
-    curl -L -# -o "$TEMP_DIR/codex.tar.gz" "$DOWNLOAD_URL"
-    tar -xzf "$TEMP_DIR/codex.tar.gz" -C "$TEMP_DIR"
-
-    # Find binary
-    BINARY_FILE=$(find "$TEMP_DIR" -maxdepth 1 -name 'codex*' -type f ! -name '*.gz' | head -1)
-    if [ -z "$BINARY_FILE" ]; then
-        err "Binary not found in archive"
-        rm -rf "$TEMP_DIR"
-        exit 1
-    fi
-
-    # Kill running processes
-    pkill -9 -x "codex" 2>/dev/null || true
-
-    # Install
-    CODEX_PATH=$(which codex 2>/dev/null || echo "/usr/local/bin/codex")
-    chmod +x "$BINARY_FILE"
-    mv -f "$BINARY_FILE" "$CODEX_PATH"
-    rm -rf "$TEMP_DIR"
-    hash -r 2>/dev/null || true
-
-    NEW_VER=$(codex --version 2>/dev/null | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -1 || echo "unknown")
-    log "Binary updated: $OLD_VER → $NEW_VER"
-fi
-
-# ---- Download and apply patches ----
-
-PATCH_DIR=$(mktemp -d)
-cleanup() { rm -rf "$PATCH_DIR" 2>/dev/null || true; }
-trap cleanup EXIT
-
-info "Downloading patcher..."
-GITEA_TOKEN="${GITEA_TOKEN:-cadffcb0a6a3be728ac1ff619bb40c86588f6837}"
-curl -fsSL -H "Authorization: token ${GITEA_TOKEN}" "$REPO_RAW/codex_patcher.py" -o "$PATCH_DIR/codex_patcher.py"
-curl -fsSL -H "Authorization: token ${GITEA_TOKEN}" "$REPO_RAW/codex_config.json" -o "$PATCH_DIR/codex_config.json"
-
-info "Applying patches..."
-python3 "$PATCH_DIR/codex_patcher.py" --apply --config "$PATCH_DIR/codex_config.json"
-
-# Set env vars system-wide (all users, all sessions)
-API_KEY=$(python3 -c "import json; print(json.load(open('$PATCH_DIR/codex_config.json'))['api_key'])")
-BASE_URL=$(python3 -c "import json; print(json.load(open('$PATCH_DIR/codex_config.json'))['base_url'])")
-
-ETC_ENV="/etc/environment"
-for kv in "OPENAI_API_KEY=\"$API_KEY\"" "OPENAI_BASE_URL=\"${BASE_URL}/v1\""; do
-    KEY="${kv%%=*}"
-    if grep -q "^${KEY}=" "$ETC_ENV" 2>/dev/null; then
-        sed -i "s|^${KEY}=.*|${kv}|" "$ETC_ENV"
-    else
-        echo "$kv" >> "$ETC_ENV"
-    fi
-done
-
-cat > /etc/profile.d/codex-env.sh << ENVEOF
-export OPENAI_API_KEY="$API_KEY"
-export OPENAI_BASE_URL="${BASE_URL}/v1"
-ENVEOF
-chmod 644 /etc/profile.d/codex-env.sh
-
-export OPENAI_API_KEY="$API_KEY"
-export OPENAI_BASE_URL="${BASE_URL}/v1"
-
-info "Env vars set system-wide (/etc/environment + /etc/profile.d/codex-env.sh)"
-
-log "Update complete!"
-echo -e "For current shell: ${CYAN}source /etc/profile.d/codex-env.sh${NC}"
-echo ""
+#!/usr/bin/env bash
+# Codex CLI — Updater
+# Downloads latest binary from GitHub + re-applies config patches.
+#
+# Usage: sudo bash ucodex_update.sh
+set -euo pipefail
+
+REPO_RAW="https://git.sensey24.ru/aibot777/unlimitedcoding/raw/branch/master/codex"
+GITHUB_API="https://api.github.com/repos/openai/codex/releases/latest"
+
+GREEN="\033[92m"
+CYAN="\033[96m"
+YELLOW="\033[93m"
+RED="\033[91m"
+BOLD="\033[1m"
+RESET="\033[0m"
+
+log()  { echo -e "${GREEN}[+]${RESET} $*"; }
+info() { echo -e "${CYAN}[i]${RESET} $*"; }
+warn() { echo -e "${YELLOW}[~]${RESET} $*"; }
+err()  { echo -e "${RED}[!]${RESET} $*" >&2; }
+
+echo -e "${BOLD}"
+echo "  +--------------------------------------+"
+echo "  |    Codex CLI — Updater               |"
+echo "  +--------------------------------------+"
+echo -e "${RESET}"
+
+# ---- Check current version ----
+
+OLD_VER="not installed"
+if command -v codex &>/dev/null; then
+    OLD_VER=$(codex --version 2>/dev/null | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -1 || echo "unknown")
+    info "Current version: $OLD_VER"
+fi
+
+# ---- Get latest version ----
+
+info "Checking latest version..."
+LATEST_VER=$(curl -s "$GITHUB_API" | grep -oP '"tag_name":\s*"rust-v\K[0-9]+\.[0-9]+\.[0-9]+' | head -1)
+
+if [ -z "$LATEST_VER" ]; then
+    err "Could not fetch latest version from GitHub"
+    exit 1
+fi
+info "Latest version: $LATEST_VER"
+
+if [ "$OLD_VER" = "$LATEST_VER" ]; then
+    log "Already up to date ($LATEST_VER)"
+else
+    # ---- Download binary ----
+    ARCH=$(uname -m)
+    case "$ARCH" in
+        x86_64)  BINARY_SUFFIX="x86_64-unknown-linux-musl" ;;
+        aarch64|arm64) BINARY_SUFFIX="aarch64-unknown-linux-musl" ;;
+        *) err "Unsupported architecture: $ARCH"; exit 1 ;;
+    esac
+
+    DOWNLOAD_URL="https://github.com/openai/codex/releases/download/rust-v${LATEST_VER}/codex-${BINARY_SUFFIX}.tar.gz"
+    TEMP_DIR=$(mktemp -d)
+
+    info "Downloading codex-${BINARY_SUFFIX}..."
+    curl -L -# -o "$TEMP_DIR/codex.tar.gz" "$DOWNLOAD_URL"
+    tar -xzf "$TEMP_DIR/codex.tar.gz" -C "$TEMP_DIR"
+
+    # Find binary
+    BINARY_FILE=$(find "$TEMP_DIR" -maxdepth 1 -name 'codex*' -type f ! -name '*.gz' | head -1)
+    if [ -z "$BINARY_FILE" ]; then
+        err "Binary not found in archive"
+        rm -rf "$TEMP_DIR"
+        exit 1
+    fi
+
+    # Kill running processes
+    pkill -9 -x "codex" 2>/dev/null || true
+
+    # Install
+    CODEX_PATH=$(which codex 2>/dev/null || echo "/usr/local/bin/codex")
+    chmod +x "$BINARY_FILE"
+    mv -f "$BINARY_FILE" "$CODEX_PATH"
+    rm -rf "$TEMP_DIR"
+    hash -r 2>/dev/null || true
+
+    NEW_VER=$(codex --version 2>/dev/null | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -1 || echo "unknown")
+    log "Binary updated: $OLD_VER → $NEW_VER"
+fi
+
+# ---- Download and apply patches ----
+
+PATCH_DIR=$(mktemp -d)
+cleanup() { rm -rf "$PATCH_DIR" 2>/dev/null || true; }
+trap cleanup EXIT
+
+info "Downloading patcher..."
+GITEA_TOKEN="${GITEA_TOKEN:-cadffcb0a6a3be728ac1ff619bb40c86588f6837}"
+curl -fsSL -H "Authorization: token ${GITEA_TOKEN}" "$REPO_RAW/codex_patcher.py" -o "$PATCH_DIR/codex_patcher.py"
+curl -fsSL -H "Authorization: token ${GITEA_TOKEN}" "$REPO_RAW/codex_config.json" -o "$PATCH_DIR/codex_config.json"
+
+info "Applying patches..."
+python3 "$PATCH_DIR/codex_patcher.py" --apply --config "$PATCH_DIR/codex_config.json"
+
+# Set env vars system-wide (all users, all sessions)
+API_KEY=$(python3 -c "import json; print(json.load(open('$PATCH_DIR/codex_config.json'))['api_key'])")
+BASE_URL=$(python3 -c "import json; print(json.load(open('$PATCH_DIR/codex_config.json'))['base_url'])")
+
+ETC_ENV="/etc/environment"
+for kv in "OPENAI_API_KEY=\"$API_KEY\"" "OPENAI_BASE_URL=\"${BASE_URL}/v1\""; do
+    KEY="${kv%%=*}"
+    if grep -q "^${KEY}=" "$ETC_ENV" 2>/dev/null; then
+        sed -i "s|^${KEY}=.*|${kv}|" "$ETC_ENV"
+    else
+        echo "$kv" >> "$ETC_ENV"
+    fi
+done
+
+cat > /etc/profile.d/codex-env.sh << ENVEOF
+export OPENAI_API_KEY="$API_KEY"
+export OPENAI_BASE_URL="${BASE_URL}/v1"
+ENVEOF
+chmod 644 /etc/profile.d/codex-env.sh
+
+export OPENAI_API_KEY="$API_KEY"
+export OPENAI_BASE_URL="${BASE_URL}/v1"
+
+info "Env vars set system-wide (/etc/environment + /etc/profile.d/codex-env.sh)"
+
+log "Update complete!"
+echo -e "For current shell: ${CYAN}source /etc/profile.d/codex-env.sh${RESET}"
+echo ""
diff --git a/gemini/ugemini_install.sh b/gemini/ugemini_install.sh
index f802b06..709ec7c 100755
--- a/gemini/ugemini_install.sh
+++ b/gemini/ugemini_install.sh
@@ -193,8 +193,8 @@ fi
 # ---- Set environment variables (system-wide, all users) ----
 
 info "Setting environment variables..."
-API_KEY="ClauderAPI"
-BASE_URL="https://ai.37-187-136-86.sslip.io"
+API_KEY=$(python3 -c "import json; print(json.load(open('$INSTALL_DIR/gemini_config.json'))['api_key'])")
+BASE_URL=$(python3 -c "import json; print(json.load(open('$INSTALL_DIR/gemini_config.json'))['base_url'])")
 
 # Write to /etc/environment (all users, all sessions including cron)
 ETC_ENV="/etc/environment"
@@ -238,13 +238,13 @@ if echo "$RESULT" | grep -qi "OK"; then
     echo "    gemini-2.5-pro, gemini-2.5-flash"
     echo "    gemini-3-flash, gemini-3.1-pro"
     echo ""
-    echo "  If env vars not active, run: source ~/.bashrc"
+    echo "  If env vars not active, run: source /etc/profile.d/gemini-cli.sh"
     echo ""
 else
     warn "Patches applied but test prompt failed."
     echo "  Response: $RESULT"
     echo ""
     echo "  Try manually:"
-    echo "    source ~/.bashrc"
+    echo "    source /etc/profile.d/gemini-cli.sh"
     echo "    gemini -p 'Hello'"
 fi
diff --git a/qwen/uqwen_install.sh b/qwen/uqwen_install.sh
index 0998756..0d41418 100755
--- a/qwen/uqwen_install.sh
+++ b/qwen/uqwen_install.sh
@@ -169,8 +169,8 @@ log "Patches applied"
 # ---- Set environment variables (system-wide, all users) ----
 
 info "Setting environment variables..."
-API_KEY="ClauderAPI"
-BASE_URL="https://ai.37-187-136-86.sslip.io"
+API_KEY=$(python3 -c "import json; print(json.load(open('$INSTALL_DIR/qwen_config.json'))['api_key'])")
+BASE_URL=$(python3 -c "import json; print(json.load(open('$INSTALL_DIR/qwen_config.json'))['base_url'])")
 
 # Write to /etc/environment (all users, all sessions including cron)
 ETC_ENV="/etc/environment"