refactor(de-sudo): update/git backup helpers off raw sudo

The git-update backup helpers operate on the manager-owned $backup_install_dir:
use_git_backup unzip + config_git_check find -> runInstallOp; install_git_backup
standalone find -> runInstallOp (drop the nested -exec sudo rm), and its
cd && find | xargs rm pipeline drops its sudos (manager owns the dir). The
many 'sudo -u $sudo_user_name git/rm/zip' calls stay (already least-privilege).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
This commit is contained in:
librelad 2026-05-24 17:05:37 +01:00
parent d74474e428
commit 92c731952b
3 changed files with 6 additions and 6 deletions

View File

@ -2,8 +2,8 @@
gitCleanInstallBackups()
{
local result=$(sudo find "$backup_install_dir" -mindepth 1 -type f ! -name '*.zip' -o -type d ! -name '*.zip' -exec sudo rm -rf {} +)
local result=$(runInstallOp find "$backup_install_dir" -mindepth 1 -type f ! -name '*.zip' -o -type d ! -name '*.zip' -exec rm -rf {} +)
checkSuccess "Cleaning up install backup folders."
local result=$(cd "$backup_install_dir" && sudo find . -maxdepth 1 -type f -name '*.zip' | sudo xargs ls -t | tail -n +6 | sudo xargs -r rm)
local result=$(cd "$backup_install_dir" && find . -maxdepth 1 -type f -name '*.zip' | xargs ls -t | tail -n +6 | xargs -r rm)
checkSuccess "Deleting old install backup and keeping the latest 5."
}

View File

@ -7,7 +7,7 @@ gitUseExistingBackup()
local backup_file_without_zip=$(basename "$backup_file" .zip)
update_done=false
local result=$(sudo unzip -o $backup_file -d $backup_install_dir)
local result=$(runInstallOp unzip -o $backup_file -d $backup_install_dir)
checkSuccess "Copy the configs to the backup folder"
gitReset;

View File

@ -7,7 +7,7 @@ gitCheckConfigs()
local valid_configs_found=false
# Get a list of all backup zip files in the directory, sorted by date (latest first)
local backup_files=($(sudo find "$backup_install_dir" -type f -name 'backup_*.zip' | sort -r))
local backup_files=($(runInstallOp find "$backup_install_dir" -type f -name 'backup_*.zip' | sort -r))
# Check if any backup files were found
if [ ${#backup_files[@]} -eq 0 ]; then
@ -43,9 +43,9 @@ gitCheckConfigs()
unzip -q "$zip_file" -d "$temp_dir"
# Find the path of config files within the extracted files (new structure only)
local config_file_path=$(sudo find "$temp_dir" -type f -path "*/general/basic_settings" | head -1)
local config_file_path=$(runInstallOp find "$temp_dir" -type f -path "*/general/basic_settings" | head -1)
if [ -z "$config_file_path" ]; then
config_file_path=$(sudo find "$temp_dir" -type f -path "*/general/git_config" | head -1)
config_file_path=$(runInstallOp find "$temp_dir" -type f -path "*/general/git_config" | head -1)
fi
# Check if config file exists and does not contain "Change-Me"