obuspa: Optimize startup to avoid db corruption

- Force update values from uci on firmware update - In case of reload(uci update), old sql db gets deleted and created from uci - Use In memory sql journal mode
2025-12-10 07:44:50 +01:00 · 2025-10-14 09:58:18 +05:30 · 2025-10-14 09:58:18 +05:30 · abebc40733
commit abebc40733
parent 4823154afb
7 changed files with 276 additions and 537 deletions
--- a/obuspa/Makefile
+++ b/obuspa/Makefile
@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=obuspa
-PKG_VERSION:=10.0.0.16
+PKG_VERSION:=10.0.0.17
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/obuspa.git
-PKG_SOURCE_VERSION:=479ffb3582aa245a84829502d9412ca2539eefca
+PKG_SOURCE_VERSION:=8f0f8cfc2c4048bfed674163030d0b06f96f2da1
 PKG_MAINTAINER:=Vivek Dutta <vivek.dutta@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
@ -32,8 +32,9 @@ define Package/obuspa
  SUBMENU:=TRx69
  TITLE:=USP agent
  MENU:=1
-  DEPENDS:=+libopenssl +libuci +libblobmsg-json +libcurl +libsqlite3 +libubox +libubus +libmosquitto-ssl +libwebsockets-openssl +ca-certificates \
+  DEPENDS:=+libopenssl +libcurl +libsqlite3 +libmosquitto-ssl +libwebsockets-openssl
-		+OBUSPA_LOCAL_MQTT_LISTENER:mosquitto-ssl +libjson-c
+  DEPENDS+=+libjson-c +libubox +libubus +libuci +libblobmsg-json
  DEPENDS+=+ca-certificates +OBUSPA_LOCAL_MQTT_LISTENER:mosquitto-ssl
  DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service
 endef
--- a/obuspa/files/etc/init.d/obuspa
+++ b/obuspa/files/etc/init.d/obuspa
@ -6,19 +6,18 @@ USE_PROCD=1
 PROG=/usr/sbin/obuspa
 CONFIGURATION=obuspa
 FIRST_BOOT="/etc/obuspa/boot_marker"
 ENV_PROFILE="/root/.profile"
 KEEP_FILE="/lib/upgrade/keep.d/obuspa"
 RESET_FILE="/tmp/obuspa/fw_defaults"
-SQL_DB_FILE="/tmp/obuspa/usp.db"
+
-DB_DUMP="/tmp/obuspa/usp.dump_$(date +%s)"
+OBUSPA_BOOT_MARKER="/etc/obuspa/.boot"
 BASEPATH=""
 INSTANCE_COUNT=0
 CLIENT_ID_PREFIX=""
 . /lib/functions/network.sh
 . /usr/share/libubox/jshn.sh
 . /etc/obuspa/usp_utils.sh
 global_init()
@ -30,6 +29,7 @@ global_init()
 log()
 {
 	echo "$*"|logger -t obuspa.init -p debug
 	echo "$*" >/dev/console
 }
 db_set_reset_file()
@ -47,37 +47,9 @@ db_set_reset_file()
 	fi
 }
 db_set_sql()
 {
 	local param value
 	param="${1}"
 	shift
 	value="$*"
 	if [ -n "${param}" ] && [ -n "${value}" ]; then
 		if grep -q "${param} " ${DB_DUMP}; then
 			value="${value//\//\\/}"
 			sed -i "s/${param} .*/${param} \"${value}\"/g" ${DB_DUMP}
 		else
 			echo "${param} \"${value}\"" >> ${DB_DUMP}
 		fi
 	fi
 }
 db_set()
 {
 	# if sql db dump file present, update it
 	if [ -f "${DB_DUMP}" ]; then
 		db_set_sql "$@"
 	else
 	db_set_reset_file "$@"
 	fi
 }
 dump_db()
 {
 	${PROG} -v0 -f ${SQL_DB_FILE} -c show database |grep "^Internal.\|^Device."|sed '{s/=> /"/g;s/$/"/g}' | sort  > ${DB_DUMP}
 }
 # if db present then check if it matches with existing instances
@ -92,21 +64,6 @@ get_base_path()
 	path=""
 	count=0
 	if [ -f "${DB_DUMP}" ]; then
 		path=$(grep -E "${refpath}\d+.Alias \"${value}\"" ${DB_DUMP})
 		path=${path%.*}
 		if [ -z "${path}" ]; then
 			path=$(grep -oE "${refpath}\d+" ${DB_DUMP} |sort -r|head -n 1)
 			if [ -n "${path}" ]; then
 				count=${path##*.}
 				count=$(( count + 1 ))
 			else
 				count=1
 			fi
 			path="${refpath}${count}"
 		fi
 	fi
 	if [ -z "${path}" ]; then
 		INSTANCE_COUNT=$(( INSTANCE_COUNT + 1 ))
 		path="${refpath}${INSTANCE_COUNT}"
@ -122,9 +79,7 @@ get_refrence_path()
 	value="${2}"
 	path=""
-	if [ -f "${DB_DUMP}" ]; then
+	if [ -f "${RESET_FILE}" ]; then
 		path=$(grep -E "${dmref}\d+.Alias " ${DB_DUMP}|grep -w "${value}")
 	elif [ -f "${RESET_FILE}" ]; then
 		path=$(grep -E "${dmref}\d+.Alias " ${RESET_FILE}|grep -w "${value}")
 	fi
 	path=${path%.*}
@ -136,7 +91,7 @@ update_keep()
 	file=${1}
 	if [ -z "${file}" ]; then
-		return;
+		return 0
 	fi
 	if [ ! -f "${KEEP_FILE}" ]; then
@ -263,7 +218,7 @@ configure_localagent()
 	validate_localagent_section "${1}" || {
 		log "Validation of localagent section failed"
-		return 0;
+		return 0
 	}
 	db_set Device.LocalAgent.EndpointID "${EndpointID}"
@ -271,7 +226,7 @@ configure_localagent()
 update_reset_reason()
 {
-	[ -f "/tmp/reset_reason" ] || return 0;
+	[ -f "/tmp/reset_reason" ] || return 0
 	if grep -qwi "defaultreset" /tmp/reset_reason; then
 		db_set Internal.Reboot.Cause "FactoryReset"
@ -310,10 +265,6 @@ get_role_index()
 		val="$(grep "Device.LocalAgent.ControllerTrust.Role.\d.Name" ${CTRUST_RESET_FILE} |grep $name)"
 		val="$(echo ${val/.Name /,}|cut -d, -f 1)"
 		echo "$val"
 	elif [ -f "${DB_DUMP}" ]; then
 		val="$(grep "Device.LocalAgent.ControllerTrust.Role.\d.Name" ${DB_DUMP} |grep $name)"
 		val="$(echo ${val/.Name /,}|cut -d, -f 1)"
 		echo "$val"
 	else
 		log "Not able to get role ${name}, use Untrusted role"
 		echo "${drole}"
@ -331,19 +282,19 @@ configure_controller()
 	sec="${1}"
 	validate_controller_section "${1}" || {
 		log "Validation of controller section failed"
-		return 1;
+		return 1
 	}
 	sec="${sec/controller_/cpe-}"
 	get_base_path "Device.LocalAgent.Controller." "${sec}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1;
+		return 1
 	fi
 	if [ -z "${Protocol}" ]; then
 		log "controller:: Protocol cannot be empty"
-		return 1;
+		return 1
 	fi
 	dm_ref=""
@ -439,14 +390,14 @@ configure_subscription()
 	sec="${1}"
 	validate_subscription_section "${1}" || {
 		log "Validation of subscription section failed"
-		return 1;
+		return 1
 	}
 	sec="${sec/sub_/cpe-}"
 	get_base_path "Device.LocalAgent.Subscription." "sub_${1}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1;
+		return 1
 	fi
 	if [ -n "${controller}" ]; then
@ -483,12 +434,12 @@ configure_challenges()
 	get_base_path "Device.LocalAgent.ControllerTrust.Challenge." "${sec}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1;
+		return 1
 	fi
 	if [ -z "${role_name}" ] && [ -z "${Role}" ]; then
-		log "Either role_name or Role must defined for a challenge";
+		log "Either role_name or Role must defined for a challenge"
-		return 1;
+		return 1
 	fi
 	db_set "${BASEPATH}.Alias" "${sec}"
@ -515,18 +466,18 @@ configure_mtp() {
 	sec="${1}"
 	validate_mtp_section "${1}" || {
 		log "Validation of mtp section failed"
-		return 1;
+		return 1
 	}
 	sec="${sec/mtp_/cpe-}"
 	get_base_path "Device.LocalAgent.MTP." "${sec}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1;
+		return 1
 	fi
 	if [ -z "${Protocol}" ]; then
 		log "Protocol not defined for the mtp[${1}] section"
-		return 1;
+		return 1
 	fi
 	dm_ref=""
@ -584,14 +535,14 @@ configure_stomp_connection() {
 	sec="${1}"
 	validate_stomp_connection_section "${1}" || {
 		log "Validation of stomp section failed"
-		return 1;
+		return 1
 	}
 	sec="${sec/stomp_/cpe-}"
 	get_base_path "Device.STOMP.Connection." "${sec}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1;
+		return 1
 	fi
 	db_set "${BASEPATH}.Alias" "${sec}"
@ -614,14 +565,18 @@ configure_mqtt_client() {
 	sec="${1}"
 	validate_mqtt_client_section "${1}" || {
 		log "Validation of mqtt section failed"
-		return 1;
+		return 1
 	}
 	sec="${sec/mqtt_/cpe-}"
 	get_base_path "Device.MQTT.Client." "${sec}"
 	if [ -z "${BASEPATH}" ]; then
 		log "Failed to get path [$BASEPATH]"
-		return 1;
+		return 1
 	fi
 	if [ -z "${ClientID}" ]; then
 		ClientID="${CLIENT_ID_PREFIX}-${sec}"
 	fi
 	db_set "${BASEPATH}.Alias" "${sec}"
@ -648,6 +603,9 @@ configure_obuspa() {
 	fi
 	if [ -n "${log_level}" ]; then
 		if [ "${log_level}" -gt "4" ]; then
 			log_level="4"
 		fi
 		procd_append_param command -v "${log_level}"
 	fi
@ -676,13 +634,13 @@ configure_obuspa() {
 	if [ -n "${db_file}" ]; then
 		update_keep "${db_file}"
-		procd_append_param command -f "${SQL_DB_FILE}"
+		procd_append_param command -f "${db_file}"
 		if [ -f "${db_file}-journal" ]; then
 			log "SQL Journal detected ..."
 		fi
 	fi
 	if [ -f "${RESET_FILE}" ]; then
 		if [ -f "${SQL_DB_FILE}" ]; then
 			mv ${SQL_DB_FILE} ${SQL_DB_FILE}.old
 		fi
 		procd_append_param command -r ${RESET_FILE}
 	fi
@ -701,306 +659,34 @@ configure_obuspa() {
 	fi
 }
 get_instances_from_db_dump()
 {
 	local obj inst
 	obj="${1}\d+"
 	if [ ! -f "${DB_DUMP}" ]; then
 		echo ""
 		return 0;
 	fi
 	inst="$(grep -oE "${obj}" "${DB_DUMP}"|uniq)"
 	echo "$inst"
 }
 get_param_value_from_dump()
 {
 	local param value
 	param="${1}"
 	if [ -z "${param}" ] || [ ! -f "${DB_DUMP}" ]; then
 		log "error getting param"
 		echo ""
 		return 0
 	fi
 	value="$(grep "^${param} " ${DB_DUMP}|awk '{print $2}')"
 	echo "${value//\"/}"
 }
 update_uci_sec()
 {
 	local sec tmp
 	sec="${1}"
 	stype="${2}"
 	if [ -z "$sec" ] || [ -z "$stype" ]; then
 		log "No section name, error"
 		return 0
 	fi
 	tmp="$(uci_get obuspa "${sec}")"
 	if [ "$tmp" != "$stype" ]; then
 		uci_add obuspa "${stype}" "${sec}"
 	fi
 }
 sync_db_controller()
 {
 	local cntrs copts sec pvalue protocol
 	copts="Enable EndpointID PeriodicNotifInterval"
 	popts="Destination Topic Host Port Path EnableEncryption"
 	cntrs="$(get_instances_from_db_dump Device.LocalAgent.Controller.)"
 	for cntr in $cntrs; do
 		sec="$(get_param_value_from_dump "${cntr}".Alias)"
 		sec="${sec/cpe-/controller_}"
 		sec="${sec/-/_}"
 		update_uci_sec "${sec}" controller
 		for param in ${copts}; do
 			pvalue="$(get_param_value_from_dump "${cntr}"."${param}")"
 			uci_set obuspa "${sec}" "${param}" "${pvalue}"
 		done
 		uci_set obuspa "${sec}" "_sync" "1"
 		protocol="$(get_param_value_from_dump "${cntr}".MTP.1.Protocol)"
 		if [ -z "${protocol}" ]; then
 			break;
 		fi
 		uci_set obuspa "${sec}" "Protocol" "${protocol}"
 		for param in ${popts}; do
 			pvalue="$(get_param_value_from_dump "${cntr}".MTP.1."${protocol}"."${param}")"
 			uci_set obuspa "${sec}" "${param}" "${pvalue}"
 		done
 	done
 }
 sync_db_localagent_mtp()
 {
 	local mtps opts popts sec pvalue protocol
 	opts="Enable"
 	popts="ResponseTopicConfigured Destination Port Path EnableEncryption PublishQoS"
 	mtps="$(get_instances_from_db_dump Device.LocalAgent.MTP.)"
 	for inst in $mtps; do
 		sec="$(get_param_value_from_dump "${inst}".Alias)"
 		sec="${sec/cpe-/mtp_}"
 		sec="${sec/-/_}"
 		update_uci_sec "${sec}" mtp
 		for param in ${opts}; do
 			pvalue="$(get_param_value_from_dump "${inst}"."${param}")"
 			uci_set obuspa "${sec}" "${param}" "${pvalue}"
 		done
 		uci_set obuspa "${sec}" "_sync" "1"
 		protocol="$(get_param_value_from_dump "${inst}".Protocol)"
 		if [ -z "${protocol}" ]; then
 			break;
 		fi
 		uci_set obuspa "${sec}" "Protocol" "${protocol}"
 		for param in ${popts}; do
 			pvalue="$(get_param_value_from_dump "${inst}"."${protocol}"."${param}")"
 			uci_set obuspa "${sec}" "${param}" "${pvalue}"
 		done
 	done
 }
 sync_db_mqtt_client()
 {
 	local mtps copts sec pvalue protocol
 	opts="Enable BrokerAddress BrokerPort Username ProtocolVersion TransportProtocol ClientID"
 	mtps="$(get_instances_from_db_dump Device.MQTT.Client.)"
 	for inst in $mtps; do
 		sec="$(get_param_value_from_dump "${inst}".Alias)"
 		sec="${sec/cpe-/mqtt_}"
 		sec="${sec/-/_}"
 		update_uci_sec "${sec}" mqtt
 		for param in ${opts}; do
 			pvalue="$(get_param_value_from_dump "${inst}"."${param}")"
 			uci_set obuspa "${sec}" "${param}" "${pvalue}"
 		done
 		uci_set obuspa "${sec}" "_sync" "1"
 	done
 }
 sync_db_stomp_connection()
 {
 	local mtps copts sec pvalue protocol
 	opts="Enable Host Port Username EnableEncryption EnableHeartbeats VirtualHost"
 	mtps="$(get_instances_from_db_dump Device.STOMP.Connection.)"
 	for inst in $mtps; do
 		sec="$(get_param_value_from_dump "${inst}".Alias)"
 		sec="${sec/cpe-/stomp_}"
 		sec="${sec/-/_}"
 		update_uci_sec "${sec}" stomp
 		for param in ${opts}; do
 			pvalue="$(get_param_value_from_dump "${inst}"."${param}")"
 			uci_set obuspa "${sec}" "${param}" "${pvalue}"
 		done
 		uci_set obuspa "${sec}" "_sync" "1"
 	done
 }
 sync_update_sec()
 {
 	local _sync
 	config_get _sync "${1}" _sync ""
 	if [ -z "${_sync}" ]; then
 		uci_remove obuspa "${1}"
 		log "Deleting obuspa.${1} section ..."
 	else
 		uci_remove obuspa "${1}" _sync
 	fi
 }
 sync_uci_with_db()
 {
 	if [ ! -f "${DB_DUMP}" ]; then
 		return 0;
 	fi
 	# Skip overriding uci in case of Firstboot
 	if [ ! -f "${FIRST_BOOT}" ]; then
 		return 0
 	fi
 	log "Syncing obuspa uci with usp.db ...."
 	config_load obuspa
 	sync_db_controller
 	sync_db_localagent_mtp
 	sync_db_mqtt_client
 	sync_db_stomp_connection
 	uci_commit obuspa
 	config_load obuspa
 	config_foreach sync_update_sec controller
 	config_foreach sync_update_sec mtp
 	config_foreach sync_update_sec mqtt
 	config_foreach sync_update_sec stomp
 	uci_commit obuspa
 }
 delete_sql_db_entry_with_pattern()
 {
 	local params pattern
 	pattern="${1}"
 	if [ ! -f "${DB_DUMP}" ]; then
 		return 0;
 	fi
 	if [ "${#pattern}" -lt 7 ]; then
 		return 0;
 	fi
 	#log "Deleting with pattern [${pattern}] from ${DB_DUMP}"
 	sed -i "/${pattern}/d" ${DB_DUMP}
 }
 check_n_delete_db()
 {
 	local sec t r path
 	sec="${1}"
 	if uci -q get obuspa."${sec}" >/dev/null 2>&1; then
 		return 0
 	fi
 	t="${2}"
 	r="${3}"
 	sec="${sec/${t}_/cpe-}"
 	path=$(grep -E "${r}\d+.Alias \"${sec}\"" ${DB_DUMP})
 	path=${path%.*}
 	delete_sql_db_entry_with_pattern "${path}"
 }
 workaround_remove_download_pattern()
 {
 	local inst
 	inst="$(cat ${DB_DUMP} |grep -E "Device.DeviceInfo.FirmwareImage.\d.Download()"|grep -oE "Device.LocalAgent.Request.\d.")"
 	if [ -n "${inst}" ]; then
 		log "Workaround to remove the old download Request [$inst]"
 		delete_sql_db_entry_with_pattern "${inst}"
 	fi
 }
 reverse_update_db_with_uci()
 {
 	if [ ! -f "${DB_DUMP}" ]; then
 		return 0;
 	fi
 	export UCI_CONFIG_DIR="/tmp/obuspa"
 	config_load obuspa
 	config_foreach check_n_delete_db controller controller "Device.LocalAgent.Controller."
 	config_foreach check_n_delete_db mtp mtp "Device.LocalAgent.MTP."
 	config_foreach check_n_delete_db mqtt mqtt "Device.MQTT.Client."
 	config_foreach check_n_delete_db stomp stomp "Device.STOMP.Connection."
 	unset UCI_CONFIG_DIR
 }
 # Create factory reset file
 db_init()
 {
-	local reason role_file
+	local reason
 	reason="${1}"
-	mkdir -p /tmp/obuspa/
+	# remove usp.db, in case of reload
-
+	if [ -f "${OBUSPA_BOOT_MARKER}" ] && [ "${reason}" = "update" ]; then
-	# Load configuration
+		log "Deleting ${OBUSPA_BOOT_MARKER} to enforce values from uci ...."
-	config_load $CONFIGURATION
+		rm -f "${OBUSPA_BOOT_MARKER}"
 	config_get SQL_DB_FILE global db_file "/tmp/obuspa/usp.db"
 	config_get role_file global role_file ""
 	if [ -f "${SQL_DB_FILE}.old" ] && [ ! -f "${SQL_DB_FILE}" ]; then
 		log "Copying old db, since new db not present ..."
 		mv ${SQL_DB_FILE}.old ${SQL_DB_FILE}
 	fi
-	# Dump datamodel parameters from DB
+	if [ -f "${OBUSPA_BOOT_MARKER}" ]; then
-	if [ -f "${SQL_DB_FILE}" ]; then
+		return 0
 		dump_db
 	fi
 	# In case of Reboot or service restart update the uci
        # from usp.db file
 	if [ -f "${DB_DUMP}" ] && [ "${reason}" != "update" ]; then
 		# Only do this if db have reasonable data
 		val="$(awk 'END{print NR}' ${DB_DUMP})"
 		if [ "$val" -gt 15 ]; then
 			sync_uci_with_db
 		fi
 	fi
 	# remove entries from db if deleted from uci, only in case of reload
 	if [ -f "${DB_DUMP}" ] && [ "${reason}" = "update" ] && [ -f "/tmp/obuspa/obuspa" ]; then
 		log "Deleting entries from usp.db if uci not present ...."
 		reverse_update_db_with_uci
 	fi
 	# Remove reset file if present
-	[ -f "${RESET_FILE}" ] && mv ${RESET_FILE} ${RESET_FILE}.old
+	[ -f "${RESET_FILE}" ] && rm ${RESET_FILE}
 	CLIENT_ID_PREFIX="$(db -q get device.deviceinfo.ManufacturerOUI)"
 	CLIENT_ID_PREFIX="${CLIENT_ID_PREFIX}-$(db -q get device.deviceinfo.SerialNumber)"
 	CLIENT_ID_PREFIX="${CLIENT_ID_PREFIX//+/%2b}"
 	#log "Create reset file ...."
 	config_load $CONFIGURATION
 	config_get dualstack_pref global dualstack_pref "IPv6"
 	log "Enforce uci values, no boot marker"
 	global_init
 	config_foreach configure_localagent localagent
 	global_init
@ -1016,22 +702,12 @@ db_init()
 	global_init
 	config_foreach configure_challenges challenge
 	# enforce ctrust only on upgrades, not on reloads
 	if [ -f "${CTRUST_RESET_FILE}" ] && [ -z "${reason}" ]; then
 		cat ${CTRUST_RESET_FILE} >> ${RESET_FILE}
 	fi
 	update_reset_reason
 	update_dual_stack_pref "${dualstack_pref}"
 	uci_commit ${CONFIGURATION}
 	cp /etc/config/obuspa /tmp/obuspa/
 	if [ -f "${DB_DUMP}" ]; then
 		workaround_remove_download_pattern
 		mv ${DB_DUMP} ${RESET_FILE}
 	fi
 	if [ -f "${CTRUST_RESET_FILE}" ]; then
 		cat ${CTRUST_RESET_FILE} >> ${RESET_FILE}
 		rm ${CTRUST_RESET_FILE}
 	fi
 	[ -f "${FIRST_BOOT}" ] || touch "${FIRST_BOOT}"
 }
 start_service() {
@ -1043,8 +719,8 @@ start_service() {
 	procd_open_instance ${CONFIGURATION}
 	if [ "${enabled}" -eq 1 ]; then
 		db_init "${1}"
 		procd_set_param command ${PROG}
 		db_init "${1}"
 		configure_obuspa
 		procd_set_param respawn \
 			"${respawn_threshold:-10}" \
@ -1054,9 +730,7 @@ start_service() {
 }
 stop_service() {
-	if command -v timeout >/dev/null 2>&1; then
+	${PROG} -c stop
 		timeout 5 ${PROG} -c stop
 	fi
 }
 reload_service() {
@ -1065,5 +739,6 @@ reload_service() {
 }
 service_triggers() {
 	export PROCD_RELOAD_DELAY=3000
 	procd_add_reload_trigger "obuspa"
 }
--- a/obuspa/files/etc/obuspa/usp_utils.sh
+++ b/obuspa/files/etc/obuspa/usp_utils.sh
@ -1,10 +1,12 @@
 #!/bin/sh
-CTRUST_RESET_FILE="/tmp/obuspa/ctrust_reset"
+CTRUST_RESET_FILE="/etc/obuspa/ctrust_reset"
 VENDOR_PREFIX_FILE="/etc/obuspa/vendor_prefix"
 FW_DEFAULT_ROLE_DIR="/etc/users/roles"
 SECURE_ROLES=""
 CTRUST_RESET_FILE_TEMP="/tmp/obuspa/ctrust_reset"
 mkdir -p /tmp/obuspa/
 # include jshn.sh
@ -23,9 +25,9 @@ db_add()
 	value="$*"
 	if [ -n "${param}" ] && [ -n "${value}" ]; then
-		echo "${param} \"${value}\"">>${CTRUST_RESET_FILE}
+		echo "${param} \"${value}\"">>${CTRUST_RESET_FILE_TEMP}
 	else
-		echo >>${CTRUST_RESET_FILE}
+		echo >>${CTRUST_RESET_FILE_TEMP}
 	fi
 }
@ -252,7 +254,10 @@ configure_ctrust_role()
 	if [ -n "${SECURE_ROLES}" ]; then
 		db_add Device.LocalAgent.ControllerTrust.SecuredRoles "${SECURE_ROLES}"
 	fi
 	if [ -f "${CTRUST_RESET_FILE_TEMP}" ]; then
 		mv -f "${CTRUST_RESET_FILE_TEMP}" "${CTRUST_RESET_FILE}"
 	fi
 }
 # configure_ctrust_role "${@}"
--- a/obuspa/files/etc/uci-defaults/61-override-ct-roles
+++ b/obuspa/files/etc/uci-defaults/61-override-ct-roles
@ -4,5 +4,3 @@
 . /etc/obuspa/usp_utils.sh
 configure_ctrust_role
 exit 0
--- a/obuspa/files/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user
+++ b/obuspa/files/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user
@ -8,6 +8,7 @@ RETRY_MIN_INTERVAL="5"
 RETRY_INTERVAL_MUL="2000"
 ENDPOINT_ID=""
 CONTROLLER_DISCOVERED=0
 OBUSPA_BOOT_MARKER="/etc/obuspa/.boot"
 log()
 {
@ -57,18 +58,18 @@ get_vivsoi() {
 	data="${opt125}"
 	rem_len="${len}"
-	while [ $rem_len -gt 0 ]; do
+	while [ "${rem_len}" -gt 0 ]; do
 		ent_id=${data:0:8}
 		ent_id=$(printf "%d\n" "0x$ent_id")
-		if [ $ent_id -ne  3561 ]; then
+		if [ "${ent_id}" -ne  3561 ]; then
 			len_val=${data:8:2}
 			data_len=$(printf "%d\n" "0x$len_val")
 			# add 4 byte for ent_id and 1 byte for len
 			data_len=$(( data_len * 2 + 10 ))
 			# move ahead data to next enterprise id
 			data=${data:"${data_len}":"${rem_len}"}
-			rem_len=$(( rem_len - $data_len ))
+			rem_len=$(( rem_len - data_len ))
 			continue
 		fi
@ -79,7 +80,7 @@ get_vivsoi() {
 		data_len=$(( data_len * 2 + 10 ))
 		opt_len=$(printf "%d\n" "0x$len_val")
-		[ $opt_len -eq 0 ] && return
+		[ "${opt_len}" -eq 0 ] && return
 		# populate the option data of enterprise id
 		sub_data_len=$(( opt_len * 2))
@ -98,28 +99,28 @@ get_vivsoi() {
 			sub_opt_len=$(( sub_opt_len * 2 ))
 			# get the value of sub option starting 4 means starting after length
-			sub_opt_val=${sub_data:4:${sub_opt_len}}
+			sub_opt_val=${sub_data:4:"${sub_opt_len}"}
 			# assign the value found in sub option
 			case "${sub_opt_id}" in
 				"25")
-					URL=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+					URL=$(echo -n "${sub_opt_val}" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 					CONTROLLER_DISCOVERED=1
 				;;
 				"26")
-					PROV_CODE=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+					PROV_CODE=$(echo -n "${sub_opt_val}" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 					CONTROLLER_DISCOVERED=1
 				;;
 				"27")
-					RETRY_MIN_INTERVAL=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+					RETRY_MIN_INTERVAL=$(echo -n "${sub_opt_val}" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 					CONTROLLER_DISCOVERED=1
 				;;
 				"28")
-					RETRY_INTERVAL_MUL=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+					RETRY_INTERVAL_MUL=$(echo -n "${sub_opt_val}" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 					CONTROLLER_DISCOVERED=1
 				;;
 				"29")
-					ENDPOINT_ID=$(echo -n $sub_opt_val | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
+					ENDPOINT_ID=$(echo -n "${sub_opt_val}" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf && echo '')
 					CONTROLLER_DISCOVERED=1
 				;;
 			esac
@ -131,7 +132,7 @@ get_vivsoi() {
 			sub_data_len=$((sub_data_len - sub_opt_end))
 			# fetch next sub option hex string
-			sub_data=${sub_data:${sub_opt_end}:${sub_data_len}}
+			sub_data=${sub_data:"${sub_opt_end}":"${sub_data_len}"}
 		done
 		# move ahead data to next enterprise id
@ -146,7 +147,7 @@ get_access_role()
 	lan_proto="$(uci -q get network.lan.proto)"
-	if [ "${lan_proto}" == "dhcp" ]; then
+	if [ "${lan_proto}" = "dhcp" ]; then
 		mode="extender"
 	else
 		mode="full_access"
@ -174,7 +175,7 @@ config_get_bool enable_obuspa global enabled 1
 config_get wan_intf global interface
 config_get_bool dhcp_discovery global dhcp_discovery 1
-if [ "$enable_obuspa" = "0" ] || [ "$dhcp_discovery" = "0" ]; then
+if [ "${enable_obuspa}" -eq 0 ] || [ "${dhcp_discovery}" -eq 0 ]; then
 	return 0
 fi
@ -190,9 +191,9 @@ if [ -z "${wan_intf}" ]; then
 	fi
 fi
-if [ "${wan_intf}" == "${INTERFACE}" ]; then
+if [ "${wan_intf}" = "${INTERFACE}" ]; then
 	if [ -n "$opt125" ]; then
-		len=$(printf "$opt125"|wc -c)
+		len=$(echo -n "${opt125}"|wc -c)
 		get_vivsoi "$opt125" "$len"
 	fi
@ -228,10 +229,10 @@ if [ "${wan_intf}" == "${INTERFACE}" ]; then
 				;;
 			*)
 				# This is an FQDN, perform DNS query
-				nslookup $URL > /tmp/fqdn_ip
+				nslookup "${URL}" > /tmp/fqdn_ip
-				nslookup -type=ptr $URL > /tmp/fqdn_ptr
+				nslookup -type=ptr "${URL}" > /tmp/fqdn_ptr
-				nslookup -type=srv $URL > /tmp/fqdn_srv
+				nslookup -type=srv "${URL}" > /tmp/fqdn_srv
-				nslookup -type=txt $URL > /tmp/fqdn_srv
+				nslookup -type=txt "${URL}" > /tmp/fqdn_srv
 				# TODO extend to collect information from dns-sd records
 				;;
@ -247,16 +248,16 @@ if [ "${wan_intf}" == "${INTERFACE}" ]; then
 		fi
 	fi
-	if [ "${proto}" == "mqtt" ] || [ "${proto}" == "mqtts" ]; then
+	if [ "${proto}" = "mqtt" ] || [ "${proto}" = "mqtts" ]; then
 		offered_proto="MQTT"
-		if [ "${proto}" == "mqtt" ]; then
+		if [ "${proto}" = "mqtt" ]; then
 			mtp_encrypt="TCP/IP"
 		else
 			mtp_encrypt="TLS"
 		fi
-	elif [ "${proto}" == "ws" ] || [ "${proto}" == "wss" ]; then
+	elif [ "${proto}" = "ws" ] || [ "${proto}" = "wss" ]; then
 		offered_proto="WebSocket"
-		if [ "${proto}" == "wss" ]; then
+		if [ "${proto}" = "wss" ]; then
 			mtp_encrypt="1"
 		else
 			mtp_encrypt="0"
@ -265,35 +266,46 @@ if [ "${wan_intf}" == "${INTERFACE}" ]; then
 	controllers=$(uci -q show obuspa | grep "=controller" | cut -d'=' -f1 | cut -d'.' -f2)
 	for controller in $controllers; do
-		dhcp_disc=$(uci -q get obuspa.$controller.dhcp_discovered)
+		dhcp_disc=$(uci -q get obuspa."${controller}".dhcp_discovered)
 		if [ "${dhcp_disc}" -eq 1 ]; then
 			dhcp_controller="${controller}"
 			break
 		fi
 	done
 	# Check if any of the existing controller section matches with the endpointid
 	if [ -z "${dhcp_controller}" ] && [ -n "${ENDPOINT_ID}" ]; then
 		for controller in $controllers; do
 			endpointid=$(uci -q get obuspa."${controller}".EndpointID)
 			if [ "${endpointid}" = "${ENDPOINT_ID}" ]; then
 				dhcp_controller="${controller}"
 				break
 			fi
 		done
 	fi
 	if [ -n "${dhcp_controller}" ]; then
-		cont_proto="$(uci -q get obuspa.$dhcp_controller.Protocol)"
+		cont_proto=$(uci -q get obuspa."${dhcp_controller}".Protocol)
-		if [ "${cont_proto}" == "MQTT" ]; then
+		if [ "${cont_proto}" = "MQTT" ]; then
-			dhcp_mqtt="$(uci -q get obuspa.$dhcp_controller.mqtt)"
+			dhcp_mqtt=$(uci -q get obuspa."${dhcp_controller}".mqtt)
 			mtps=$(uci -q show obuspa | grep "=mtp" | cut -d'=' -f1 | cut -d'.' -f2)
 			for mtp in $mtps; do
-				mtp_mqtt="$(uci -q get obuspa.$mtp.mqtt)"
+				mtp_mqtt=$(uci -q get obuspa."${mtp}".mqtt)
-				if [ "${mtp_mqtt}" == "${dhcp_mqtt}" ]; then
+				if [ "${mtp_mqtt}" = "${dhcp_mqtt}" ]; then
 					dhcp_mtp="${mtp}"
 					break
 				fi
 			done
-		elif [ "${cont_proto}" == "WebSocket" ]; then
+		elif [ "${cont_proto}" = "WebSocket" ]; then
-			cont_port="$(uci -q get obuspa.$dhcp_controller.Port)"
+			cont_port=$(uci -q get obuspa."${dhcp_controller}".Port)
-			cont_encr="$(uci -q get obuspa.$dhcp_controller.EnableEncryption)"
+			cont_encr=$(uci -q get obuspa."${dhcp_controller}".EnableEncryption)
 			mtps=$(uci -q show obuspa | grep "=mtp" | cut -d'=' -f1 | cut -d'.' -f2)
 			for mtp in $mtps; do
-				mtp_port="$(uci -q get obuspa.$mtp.Port)"
+				mtp_port=$(uci -q get obuspa."${mtp}".Port)
-				mtp_encr="$(uci -q get obuspa.$mtp.EnableEncryption)"
+				mtp_encr=$(uci -q get obuspa."${mtp}".EnableEncryption)
-				if [ "${mtp_port}" == "${cont_port}" ] && [ "${mtp_encr}" == "${cont_encr}" ]; then
+				if [ "${mtp_port}" = "${cont_port}" ] && [ "${mtp_encr}" = "${cont_encr}" ]; then
 					dhcp_mtp="${mtp}"
 					break
 				fi
@ -306,43 +318,43 @@ if [ "${wan_intf}" == "${INTERFACE}" ]; then
 	if [ -n "${dhcp_controller}" ]; then
 		## Handling of controller section
-		ct_endpoint=$(uci -q get obuspa.$dhcp_controller.EndpointID)
+		ct_endpoint=$(uci -q get obuspa."${dhcp_controller}".EndpointID)
-		ct_proto=$(uci -q get obuspa.$dhcp_controller.Protocol)
+		ct_proto=$(uci -q get obuspa."${dhcp_controller}".Protocol)
-		ct_prov=$(uci -q get obuspa.$dhcp_controller.ProvisioningCode)
+		ct_prov=$(uci -q get obuspa."${dhcp_controller}".ProvisioningCode)
 		if [ "${ct_proto}" = "MQTT" ]; then
-			ct_topic=$(uci -q get obuspa.$dhcp_controller.Topic)
+			ct_topic=$(uci -q get obuspa."${dhcp_controller}".Topic)
 		else
-			ct_topic=$(uci -q get obuspa.$dhcp_controller.Path)
+			ct_topic=$(uci -q get obuspa."${dhcp_controller}".Path)
 		fi
 		if [ -n "${ENDPOINT_ID}" ] && [ "${ct_endpoint}" != "${ENDPOINT_ID}" ]; then
-			uci -q set obuspa.$dhcp_controller.EndpointID="${ENDPOINT_ID}"
+			uci -q set obuspa."${dhcp_controller}".EndpointID="${ENDPOINT_ID}"
 			uci_change=1
 		fi
 		if [ -n "${offered_proto}" ] && [ "${ct_proto}" != "${offered_proto}" ]; then
-			uci -q set obuspa.$dhcp_controller.Protocol="${offered_proto}"
+			uci -q set obuspa."${dhcp_controller}".Protocol="${offered_proto}"
 			if [ "${offered_proto}" != "MQTT" ]; then
-				uci -q set obuspa.$dhcp_controller.mqtt=""
+				uci -q delete obuspa."${dhcp_controller}".mqtt
-				uci -q set obuspa.$dhcp_controller.Topic=""
+				uci -q delete obuspa."${dhcp_controller}".Topic
-				uci -q set obuspa.$dhcp_controller.Host="${ip}"
+				uci -q set obuspa."${dhcp_controller}".Host="${ip}"
-				uci -q set obuspa.$dhcp_controller.Port="${port}"
+				uci -q set obuspa."${dhcp_controller}".Port="${port}"
-				uci -q set obuspa.$dhcp_controller.Path="${ct_topic}"
+				uci -q set obuspa."${dhcp_controller}".Path="${ct_topic}"
-				uci -q set obuspa.$dhcp_controller.EnableEncryption="${mtp_encrypt}"
+				uci -q set obuspa."${dhcp_controller}".EnableEncryption="${mtp_encrypt}"
 			else
-				uci -q set obuspa.$dhcp_controller.EnableEncryption=""
+				uci -q delete obuspa."${dhcp_controller}".EnableEncryption
-				uci -q set obuspa.$dhcp_controller.Path=""
+				uci -q delete obuspa."${dhcp_controller}".Path
-				uci -q set obuspa.$dhcp_controller.Host=""
+				uci -q delete obuspa."${dhcp_controller}".Host
-				uci -q set obuspa.$dhcp_controller.Port=""
+				uci -q delete obuspa."${dhcp_controller}".Port
 				if [ -z "${dhcp_mqtt}" ]; then
-					uci -q set obuspa.$dhcp_controller.mqtt='dhcpmqtt'
+					uci -q set obuspa."${dhcp_controller}".mqtt='dhcpmqtt'
 				else
-					uci -q set obuspa.$dhcp_controller.mqtt="${dhcp_mqtt}"
+					uci -q set obuspa."${dhcp_controller}".mqtt="${dhcp_mqtt}"
 				fi
-				uci -q set obuspa.$dhcp_controller.Topic="${ct_topic}"
+				uci -q set obuspa."${dhcp_controller}".Topic="${ct_topic}"
 			fi
 			proto_changed=1
@ -355,38 +367,37 @@ if [ "${wan_intf}" == "${INTERFACE}" ]; then
 				protocol="${offered_proto}"
 			fi
-			if [ "${protocol}" == "MQTT" ]; then
+			if [ "${protocol}" = "MQTT" ]; then
-				uci -q set obuspa.$dhcp_controller.Topic="${topic}"
+				uci -q set obuspa."${dhcp_controller}".Topic="${topic}"
 			else
-				uci -q set obuspa.$dhcp_controller.Path="${topic}"
+				uci -q set obuspa."${dhcp_controller}".Path="${topic}"
 			fi
 			uci_change=1
 		fi
 		if [ -n "${PROV_CODE}" ] && [ "${ct_prov}" != "${PROV_CODE}" ]; then
-			uci -q set obuspa.$dhcp_controller.ProvisioningCode="${PROV_CODE}"
+			uci -q set obuspa."${dhcp_controller}".ProvisioningCode="${PROV_CODE}"
 			uci_change=1
 		fi
 		if [ "${proto_changed}" -eq 1 ]; then
-			if [ "${offered_proto}" == "WebSocket" ]; then
+			if [ "${offered_proto}" = "WebSocket" ]; then
 				if [ -n "${dhcp_mqtt}" ]; then
-					uci -q del obuspa.$dhcp_mqtt
+					uci -q delete obuspa."${dhcp_mqtt}"
 				fi
 				if [ -z "${dhcp_mtp}" ]; then
-					sec=$(uci -q add obuspa mtp)
+					uci -q set obuspa.dhcpmtp="mtp"
 					uci -q rename obuspa."${sec}"='dhcpmtp'
 					dhcp_mtp="dhcpmtp"
-					uci -q set obuspa.$dhcp_mtp.Enable='1'
+					uci -q set obuspa."${dhcp_mtp}".Enable='1'
 				fi
-				uci -q set obuspa.$dhcp_mtp.mqtt=''
+				uci -q set obuspa."${dhcp_mtp}".mqtt=''
-				uci -q set obuspa.$dhcp_mtp.ResponseTopicConfigured=''
+				uci -q set obuspa."${dhcp_mtp}".ResponseTopicConfigured=''
-				uci -q set obuspa.$dhcp_mtp.Protocol='WebSocket'
+				uci -q set obuspa."${dhcp_mtp}".Protocol='WebSocket'
-				uci -q set obuspa.$dhcp_mtp.Port="${port}"
+				uci -q set obuspa."${dhcp_mtp}".Port="${port}"
-				uci -q set obuspa.$dhcp_mtp.EnableEncryption="${mtp_encrypt}"
+				uci -q set obuspa."${dhcp_mtp}".EnableEncryption="${mtp_encrypt}"
 				uci_change=1
 			else
@ -394,84 +405,83 @@ if [ "${wan_intf}" == "${INTERFACE}" ]; then
 					user="$(uci -q get obuspa.global.username)"
 					pass="$(uci -q get obuspa.global.password)"
-					sec=$(uci -q add obuspa mqtt)
+					uci -q set obuspa.dhcpmqtt="mqtt"
 					uci -q rename obuspa."${sec}"='dhcpmqtt'
 					dhcp_mqtt="dhcpmqtt"
-					uci -q set obuspa.$dhcp_mqtt.Enable='1'
+					uci -q set obuspa."${dhcp_mqtt}".Enable='1'
-					uci -q set obuspa.$dhcp_mqtt.Username="${user}"
+					uci -q set obuspa."${dhcp_mqtt}".Username="${user}"
-					uci -q set obuspa.$dhcp_mqtt.Password="${pass}"
+					uci -q set obuspa."${dhcp_mqtt}".Password="${pass}"
 				fi
-				uci -q set obuspa.$dhcp_mqtt.BrokerAddress="${ip}"
+				uci -q set obuspa."${dhcp_mqtt}".BrokerAddress="${ip}"
-				uci -q set obuspa.$dhcp_mqtt.BrokerPort="${port}"
+				uci -q set obuspa."${dhcp_mqtt}".BrokerPort="${port}"
-				uci -q set obuspa.$dhcp_mqtt.TransportProtocol="${mtp_encrypt}"
+				uci -q set obuspa."${dhcp_mqtt}".TransportProtocol="${mtp_encrypt}"
-				uci -q set obuspa.$dhcp_mqtt.ProtocolVersion='5.0'
+				uci -q set obuspa."${dhcp_mqtt}".ProtocolVersion='5.0'
 				if [ -z "${dhcp_mtp}" ]; then
-					sec=$(uci -q add obuspa mtp)
+					uci -q set obuspa.dhcpmtp="mtp"
 					uci -q rename obuspa."${sec}"='dhcpmtp'
 					dhcp_mtp="dhcpmtp"
-					uci -q set obuspa.$dhcp_mtp.Enable='1'
+					uci -q set obuspa."${dhcp_mtp}".Enable='1'
 				fi
 				agent_topic=$(get_agent_topic)
-				uci -q set obuspa.$dhcp_mtp.Port=""
+				uci -q delete obuspa."${dhcp_mtp}".Port
-				uci -q set obuspa.$dhcp_mtp.EnableEncryption=""
+				uci -q delete obuspa."${dhcp_mtp}".EnableEncryption
-				uci -q set obuspa.$dhcp_mtp.Protocol='MQTT'
+				uci -q set obuspa."${dhcp_mtp}".Protocol='MQTT'
-				uci -q set obuspa.$dhcp_mtp.ResponseTopicConfigured="${agent_topic}"
+				uci -q set obuspa."${dhcp_mtp}".ResponseTopicConfigured="${agent_topic}"
-				uci -q set obuspa.$dhcp_mtp.mqtt="${dhcp_mqtt}"
+				uci -q set obuspa."${dhcp_mtp}".mqtt="${dhcp_mqtt}"
 				uci_change=1
 			fi
 		else
-			if [ "${ct_proto}" == "WebSocket" ]; then
+			if [ "${ct_proto}" = "WebSocket" ]; then
-				conf_ip="$(uci -q get obuspa.$dhcp_controller.Host)"
+				conf_ip="$(uci -q get obuspa."${dhcp_controller}".Host)"
-				conf_port="$(uci -q get obuspa.$dhcp_mtp.Port)"
+				conf_port="$(uci -q get obuspa."${dhcp_mtp}".Port)"
-				conf_encr="$(uci -q get obuspa.$dhcp_mtp.EnableEncryption)"
+				conf_encr="$(uci -q get obuspa."${dhcp_mtp}".EnableEncryption)"
 				if [ -n "${ip}" ] && [ "${conf_ip}" != "${ip}" ]; then
-					uci -q set obuspa.$dhcp_controller.Host="${ip}"
+					uci -q set obuspa."${dhcp_controller}".Host="${ip}"
 					uci_change=1
 				fi
 				if [ -n "${port}" ] && [ "${conf_port}" != "${port}" ]; then
-					uci -q set obuspa.$dhcp_mtp.Port="${port}"
+					uci -q set obuspa."${dhcp_mtp}".Port="${port}"
-					uci -q set obuspa.$dhcp_controller.Port="${port}"
+					uci -q set obuspa."${dhcp_controller}".Port="${port}"
 					uci_change=1
 				fi
 				if [ -n "${mtp_encrypt}" ] && [ "${conf_encr}" != "${mtp_encrypt}" ]; then
-					uci -q set obuspa.$dhcp_mtp.EnableEncryption="${mtp_encrypt}"
+					uci -q set obuspa."${dhcp_mtp}".EnableEncryption="${mtp_encrypt}"
-					uci -q set obuspa.$dhcp_controller.EnableEncryption="${mtp_encrypt}"
+					uci -q set obuspa."${dhcp_controller}".EnableEncryption="${mtp_encrypt}"
 					uci_change=1
 				fi
 			else
-				conf_ip="$(uci -q get obuspa.$dhcp_mqtt.BrokerAddress)"
+				conf_ip=$(uci -q get obuspa."${dhcp_mqtt}".BrokerAddress)
-				conf_port="$(uci -q get obuspa.$dhcp_mqtt.BrokerPort)"
+				conf_port=$(uci -q get obuspa."${dhcp_mqtt}".BrokerPort)
-				conf_encr="$(uci -q get obuspa.$dhcp_mqtt.TransportProtocol)"
+				conf_encr=$(uci -q get obuspa."${dhcp_mqtt}".TransportProtocol)
 				if [ -n "${port}" ] && [ "${conf_port}" != "${port}" ]; then
-					uci -q set obuspa.$dhcp_mqtt.BrokerPort="${port}"
+					uci -q set obuspa."${dhcp_mqtt}".BrokerPort="${port}"
 					uci_change=1
 				fi
 				if [ -n "${mtp_encrypt}" ] && [ "${conf_encr}" != "${mtp_encrypt}" ]; then
-					uci -q set obuspa.$dhcp_mqtt.TransportProtocol="${mtp_encrypt}"
+					uci -q set obuspa."${dhcp_mqtt}".TransportProtocol="${mtp_encrypt}"
 					uci_change=1
 				fi
 				if [ -n "${ip}" ] && [ "${conf_ip}" != "${ip}" ]; then
-					uci -q set obuspa.$dhcp_mqtt.BrokerAddress="${ip}"
+					uci -q set obuspa."${dhcp_mqtt}".BrokerAddress="${ip}"
 					uci_change=1
 				fi
 			fi
 		fi
 	else
-		uci -q del obuspa.dhcpmtp
+		# Only setup a new controller, only if mandatory param present
-		uci -q del obuspa.dhcpmqtt
+		if [ -n "${ENDPOINT_ID}" ] && [ -n "${URL}" ]; then
 			uci -q delete obuspa.dhcpmtp
 			uci -q delete obuspa.dhcpmqtt
-		sec=$(uci -q add obuspa controller)
+			uci -q set obuspa.dhcpcontroller="controller"
 		uci -q rename obuspa."${sec}"='dhcpcontroller'
 			uci -q set obuspa.dhcpcontroller.dhcp_discovered="1"
 			uci -q set obuspa.dhcpcontroller.EndpointID="${ENDPOINT_ID}"
 			uci -q set obuspa.dhcpcontroller.ProvisioningCode="${PROV_CODE}"
@ -480,15 +490,14 @@ if [ "${wan_intf}" == "${INTERFACE}" ]; then
 			uci -q set obuspa.dhcpcontroller.Enable='1'
 			if [ -n "${offered_proto}" ]; then
-			if [ "${offered_proto}" == "MQTT" ]; then
+				if [ "${offered_proto}" = "MQTT" ]; then
 					user="$(uci -q get obuspa.global.username)"
 					pass="$(uci -q get obuspa.global.password)"
 					uci -q set obuspa.dhcpcontroller.Topic="${topic}"
 					uci -q set obuspa.dhcpcontroller.mqtt='dhcpmqtt'
-				sec=$(uci -q add obuspa mqtt)
+					uci -q set obuspa.dhcpmqtt="mqtt"
 				uci -q rename obuspa."${sec}"='dhcpmqtt'
 					uci -q set obuspa.dhcpmqtt.BrokerAddress="${ip}"
 					uci -q set obuspa.dhcpmqtt.BrokerPort="${port}"
 					uci -q set obuspa.dhcpmqtt.TransportProtocol="${mtp_encrypt}"
@ -499,8 +508,7 @@ if [ "${wan_intf}" == "${INTERFACE}" ]; then
 					agent_topic=$(get_agent_topic)
-				sec=$(uci -q add obuspa mtp)
+					uci -q set obuspa.dhcpmtp="mtp"
 				uci -q rename obuspa."${sec}"='dhcpmtp'
 					uci -q set obuspa.dhcpmtp.Protocol='MQTT'
 					uci -q set obuspa.dhcpmtp.ResponseTopicConfigured="${agent_topic}"
 					uci -q set obuspa.dhcpmtp.Enable='1'
@ -511,20 +519,21 @@ if [ "${wan_intf}" == "${INTERFACE}" ]; then
 					uci -q set obuspa.dhcpcontroller.Port="${port}"
 					uci -q set obuspa.dhcpcontroller.EnableEncryption="${mtp_encrypt}"
-				sec=$(uci -q add obuspa mtp)
+					uci -q set obuspa.dhcpmtp="mtp"
 				uci -q rename obuspa."${sec}"='dhcpmtp'
 					uci -q set obuspa.dhcpmtp.Protocol='WebSocket'
 					uci -q set obuspa.dhcpmtp.Port="${port}"
 					uci -q set obuspa.dhcpmtp.Enable='1'
 					uci -q set obuspa.dhcpmtp.EnableEncryption="${mtp_encrypt}"
 				fi
 			fi
 			uci_change=1
 		fi
 	fi
 	if [ ${uci_change} -eq 1 ]; then
 		if [ -f "${OBUSPA_BOOT_MARKER}" ]; then
 			rm -f "${OBUSPA_BOOT_MARKER}"
 		fi
 		log "# Reloading obuspa as dhcp config changed"
 		ubus call uci commit '{"config":"obuspa"}'
 	fi
--- a/obuspa/patches/2005-set-sql-journal-mode.patch
+++ b/obuspa/patches/2005-set-sql-journal-mode.patch
@ -0,0 +1,28 @@
 diff --git a/src/core/database.c b/src/core/database.c
 index 7ad9dae..edebd7c 100644
 --- a/src/core/database.c
 +++ b/src/core/database.c
@@ -955,6 +955,7 @@ void DATABASE_Dump(void)
 int OpenUspDatabase(char *db_file)
 {
     int err;
 +    char *err_msg = 0;
     // Exit if unable to open the database
     err = sqlite3_open(db_file, &db_handle);
@@ -965,6 +966,15 @@ int OpenUspDatabase(char *db_file)
         return USP_ERR_INTERNAL_ERROR;
     }
 +    // Execute the PRAGMA statement
 +    const char *sql = "PRAGMA journal_mode = MEMORY;";
 +    err = sqlite3_exec(db_handle, sql, 0, 0, &err_msg);
 +    if (err != SQLITE_OK) {
 +        USP_LOG_Error("%s: Failed to set journal_mode: %s", __func__, err_msg);
 +        sqlite3_free(err_msg);
 +        return USP_ERR_INTERNAL_ERROR;
 +    }
 +
     // Exit if unable to create the data model parameter table (if it does not already exist)
     #define CREATE_TABLE_STR "create table if not exists data_model (hash integer, instances text, value text, primary key (hash, instances));"
     err = sqlite3_exec(db_handle, CREATE_TABLE_STR, NULL, NULL, NULL);
--- a/obuspa/patches/2006-force-db-update.patch
+++ b/obuspa/patches/2006-force-db-update.patch
@ -0,0 +1,23 @@
 diff --git a/src/core/database.c b/src/core/database.c
 index 7ad9dae..0bf9c90 100644
 --- a/src/core/database.c
 +++ b/src/core/database.c
@@ -1479,3 +1479,7 @@ int GetAllEntriesForParameter(db_hash_t hash, kv_vector_t *kvv)
     return result;
 }
 +void DATABASE_force_reset_file()
 +{
 +    schedule_factory_reset_init = true;
 +}
 diff --git a/src/core/database.h b/src/core/database.h
 index c88cf3a..376aa7a 100644
 --- a/src/core/database.h
 +++ b/src/core/database.h
@@ -67,5 +67,6 @@ void DATABASE_Dump(void);
 int DATABASE_ReadDataModelInstanceNumbers(bool remove_unknown_params);
 db_hash_t DATABASE_GetMigratedHash(db_hash_t hash);
 +void DATABASE_force_reset_file();
 #endif