From 92c731952bf387f627a00edc48c02741e91dd151 Mon Sep 17 00:00:00 2001 From: librelad Date: Sun, 24 May 2026 17:05:37 +0100 Subject: [PATCH] refactor(de-sudo): update/git backup helpers off raw sudo The git-update backup helpers operate on the manager-owned $backup_install_dir: use_git_backup unzip + config_git_check find -> runInstallOp; install_git_backup standalone find -> runInstallOp (drop the nested -exec sudo rm), and its cd && find | xargs rm pipeline drops its sudos (manager owns the dir). The many 'sudo -u $sudo_user_name git/rm/zip' calls stay (already least-privilege). Co-Authored-By: Claude Opus 4.7 Signed-off-by: librelad --- scripts/update/backup/install_git_backup.sh | 4 ++-- scripts/update/backup/use_git_backup.sh | 2 +- scripts/update/git/checks/config_git_check.sh | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/scripts/update/backup/install_git_backup.sh b/scripts/update/backup/install_git_backup.sh index 173416c..a697d4b 100755 --- a/scripts/update/backup/install_git_backup.sh +++ b/scripts/update/backup/install_git_backup.sh @@ -2,8 +2,8 @@ gitCleanInstallBackups() { - local result=$(sudo find "$backup_install_dir" -mindepth 1 -type f ! -name '*.zip' -o -type d ! -name '*.zip' -exec sudo rm -rf {} +) + local result=$(runInstallOp find "$backup_install_dir" -mindepth 1 -type f ! -name '*.zip' -o -type d ! -name '*.zip' -exec rm -rf {} +) checkSuccess "Cleaning up install backup folders." - local result=$(cd "$backup_install_dir" && sudo find . -maxdepth 1 -type f -name '*.zip' | sudo xargs ls -t | tail -n +6 | sudo xargs -r rm) + local result=$(cd "$backup_install_dir" && find . -maxdepth 1 -type f -name '*.zip' | xargs ls -t | tail -n +6 | xargs -r rm) checkSuccess "Deleting old install backup and keeping the latest 5." } \ No newline at end of file diff --git a/scripts/update/backup/use_git_backup.sh b/scripts/update/backup/use_git_backup.sh index d767fbf..93a8292 100755 --- a/scripts/update/backup/use_git_backup.sh +++ b/scripts/update/backup/use_git_backup.sh @@ -7,7 +7,7 @@ gitUseExistingBackup() local backup_file_without_zip=$(basename "$backup_file" .zip) update_done=false - local result=$(sudo unzip -o $backup_file -d $backup_install_dir) + local result=$(runInstallOp unzip -o $backup_file -d $backup_install_dir) checkSuccess "Copy the configs to the backup folder" gitReset; diff --git a/scripts/update/git/checks/config_git_check.sh b/scripts/update/git/checks/config_git_check.sh index 68fe550..7b66b6b 100755 --- a/scripts/update/git/checks/config_git_check.sh +++ b/scripts/update/git/checks/config_git_check.sh @@ -7,7 +7,7 @@ gitCheckConfigs() local valid_configs_found=false # Get a list of all backup zip files in the directory, sorted by date (latest first) - local backup_files=($(sudo find "$backup_install_dir" -type f -name 'backup_*.zip' | sort -r)) + local backup_files=($(runInstallOp find "$backup_install_dir" -type f -name 'backup_*.zip' | sort -r)) # Check if any backup files were found if [ ${#backup_files[@]} -eq 0 ]; then @@ -43,9 +43,9 @@ gitCheckConfigs() unzip -q "$zip_file" -d "$temp_dir" # Find the path of config files within the extracted files (new structure only) - local config_file_path=$(sudo find "$temp_dir" -type f -path "*/general/basic_settings" | head -1) + local config_file_path=$(runInstallOp find "$temp_dir" -type f -path "*/general/basic_settings" | head -1) if [ -z "$config_file_path" ]; then - config_file_path=$(sudo find "$temp_dir" -type f -path "*/general/git_config" | head -1) + config_file_path=$(runInstallOp find "$temp_dir" -type f -path "*/general/git_config" | head -1) fi # Check if config file exists and does not contain "Change-Me"