The mutating side of the unified distribution primitive (spec §8.3). Hotfixes can now be applied and reverted, first-party, through the task system. New scripts/cli/commands/artifact/cli_artifact_apply.sh: - artifactApply <id>: resolve+gate (applies_when / min_lp / max_lp / max_footprint / publishers-map role) → fetch+verify payload (sha256 pinned by the signed index + minisig) → dry-precheck ALL ops (all-or-nothing) → best- effort snapshot → apply each op recording a precise inverse → bring app up → auto-rollback (replay undo LIFO, snapshot fallback) → applied-record + History. - artifactRevert <id>: replay the applied-record's undo log (LIFO). - Bounded, CLOSED op vocabulary (no run-script/exec, ever): set-config-key, set-compose-image, patch-file-if-checksum-matches, set-data-file. An unsupported op rejects the whole artifact at precheck (fail-closed). - Write-target firewall: scope:app → containers/<app>/ only; scope:system → configs/ only; the install tree (our code) is off-limits to hotfixes (fork 1). Drift guards (expect_current / checksum) skip cleanly rather than clobber. - Two-tier trust: index minisig-verified vs the footprint key (lpFetchIndex) covers the envelope; payload sha256-pinned + minisig-verified; publishers-map role gate (a non-official publisher can't claim official). Community per- artifact-key sigs are gated off until that tier is enabled. cli_artifact_commands.sh: apply/revert via the task system (artifact_apply / artifact_revert types — no allowlist needed), + read-only `applied` list. cli_updater_commands.sh: - FIX verified safety bug: updaterApplyApp/RollbackApp called `libreportal backup app "$app"` and `... restore latest`, which parse the app name as the ACTION, hit the dispatcher's `*)` default (exits 0) — so updates ran with NO snapshot and rollback was a silent no-op. Call backupAppStart / restoreAppStart directly. - FIX updaterRecordHistory jq-silent-skip: was `command -v jq || return 0` (silently dropped the audit entry). Now fail-closed with a brace-agnostic bash-native prepend fallback; extended with artifact_id/serial/undo_id. fetch.sh: add _lpJsonEsc (shared JSON-escape for the jq-free fallbacks). Regenerated source arrays + lazy-load manifest for the new file/functions. Unit-tested 31/31: every op apply+precheck+undo round-trip, the path-allowlist firewall (incl. .. traversal + install-tree + cross-app rejection), all-or- nothing abort, unsupported-op rejection, and the History bash-native fallback (records + preserves prior entries without jq). A full signed-apply e2e needs minisign + the signing key (Phase 5 make_hotfix.sh). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
59 lines
2.4 KiB
Bash
Executable File
59 lines
2.4 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# This file is auto-generated by generate_arrays.sh
|
|
# Do not edit manually - run './scripts/source/files/generate_arrays.sh run' to regenerate
|
|
|
|
cli_scripts=(
|
|
"cli/cli_initialize.sh"
|
|
"cli/cli_update.sh"
|
|
"cli/commands/app/cli_app_commands.sh"
|
|
"cli/commands/app/cli_app_header.sh"
|
|
"cli/commands/app/cli_app_restore.sh"
|
|
"cli/commands/app/cli_app_tool_list.sh"
|
|
"cli/commands/artifact/cli_artifact_apply.sh"
|
|
"cli/commands/artifact/cli_artifact_commands.sh"
|
|
"cli/commands/artifact/cli_artifact_header.sh"
|
|
"cli/commands/backup/cli_backup_commands.sh"
|
|
"cli/commands/backup/cli_backup_header.sh"
|
|
"cli/commands/config/cli_config_commands.sh"
|
|
"cli/commands/config/cli_config_header.sh"
|
|
"cli/commands/debug/cli_debug_commands.sh"
|
|
"cli/commands/debug/cli_debug_header.sh"
|
|
"cli/commands/dockertype/cli_dockertype_commands.sh"
|
|
"cli/commands/dockertype/cli_dockertype_header.sh"
|
|
"cli/commands/firewall/cli_firewall_commands.sh"
|
|
"cli/commands/firewall/cli_firewall_header.sh"
|
|
"cli/commands/help/cli_help_commands.sh"
|
|
"cli/commands/help/cli_help_header.sh"
|
|
"cli/commands/install/cli_install_commands.sh"
|
|
"cli/commands/install/cli_install_header.sh"
|
|
"cli/commands/ip/cli_ip_commands.sh"
|
|
"cli/commands/ip/cli_ip_header.sh"
|
|
"cli/commands/peer/cli_peer_commands.sh"
|
|
"cli/commands/peer/cli_peer_header.sh"
|
|
"cli/commands/regen/cli_regen_commands.sh"
|
|
"cli/commands/regen/cli_regen_header.sh"
|
|
"cli/commands/reset/cli_reset_commands.sh"
|
|
"cli/commands/reset/cli_reset_header.sh"
|
|
"cli/commands/restore/cli_restore_commands.sh"
|
|
"cli/commands/restore/cli_restore_header.sh"
|
|
"cli/commands/setup/cli_setup_commands.sh"
|
|
"cli/commands/setup/cli_setup_header.sh"
|
|
"cli/commands/ssh/cli_ssh_commands.sh"
|
|
"cli/commands/ssh/cli_ssh_header.sh"
|
|
"cli/commands/system/cli_system_commands.sh"
|
|
"cli/commands/system/cli_system_header.sh"
|
|
"cli/commands/update/cli_update_commands.sh"
|
|
"cli/commands/update/cli_update_header.sh"
|
|
"cli/commands/updater/cli_updater_commands.sh"
|
|
"cli/commands/updater/cli_updater_header.sh"
|
|
"cli/commands/validation/cli_validation_commands.sh"
|
|
"cli/commands/validation/cli_validation_header.sh"
|
|
"cli/commands/verify/cli_verify_commands.sh"
|
|
"cli/commands/verify/cli_verify_header.sh"
|
|
"cli/commands/webui/cli_webui_commands.sh"
|
|
"cli/commands/webui/cli_webui_header.sh"
|
|
"cli/task/cli_task_run.sh"
|
|
|
|
)
|