Can you explain in simple words that even a non programmer can understand, what the linked PR does?

Is this an example of a simple and clean solution via shell script? I have some stylistic doubts:

1. What "exitcode" is set for:

  exitcode=1
  exit 1

2. I see a lot of "return $?". Why "$?" is returned if by default the shell returns the return value of the last command? Just ti name a few:

  lklfuse -o type=ext4 "${loop}" "$mnt"
  return $?
  ...
  veracrypt  --text --non-interactive -d "$file"
  return $?
  ...
  mount "$loop" "$mnt"
  return $?

3. Aren't =, != etc. used to compare strings and -eq, -ne, -gt etc. used to compare numbers? I see lot of numbers compared as strings, e.g.:

  [ $? = 0 ]
  [ $? != 0 ]
  [ $exitcode = 0 ]

4. There are lot of "cat <<EOF" blocks without indentation. I understand that this is made because the shell expects "EOF" on the line start, but there is a special syntax designed on purpose for this use case, simply put a dash between << and the token, e.g. "cat <<-EOF". In this case:

  tomb_init() {
   system="`uname -s`"
   case "$system" in
    FreeBSD)
     cat <<-EOF
     create=posix_create
     format=posix_format
     map=posix_map
     mount=freebsd_mount
     close=freebsd_close
     EOF
     ;;
    Linux)

5. Aren't backtick deprecated in favor of $()?

thanks for your review! tho you are referring to the tomb-portable unfinished experiment which is about to be dismissed since cross-platform experiments with veracrypt show very bad performance.

you are welcome to share a review of the tomb script, but be warned in that we use a lot of zsh specific features. It is a script that works since 15+ years so it has a discrete amount of patchwork to avoid regressions.

OMG that's evil. The diff just shows:

  +
  +.
  +

and the dot goes unnoticed

I wonder why they didn't use a non-breaking space or similar. I guess it's possible a nbsp would stand out even more.

They could have just misspelt one of the constants. Even less obvious and more deniable.

There's multiple things like this in this backdoor that seems like they've been super sneaky (using a compile check to disable Landlock is genius) but then half-assed the last step.

the extra dot is easily hand waved away as a mistake. a non breaking space looks intentional.

Plausible deniability probably. A dot could be a typo, a NBSP is less likely.

like a more (ostensibly) malicious “goto fail”