feat: update run0edit to v0.4.3 w/ support for immutable flag#1055
Merged
RoyalOughtness merged 9 commits intosecureblue:livefrom May 19, 2025
Merged
feat: update run0edit to v0.4.3 w/ support for immutable flag#1055RoyalOughtness merged 9 commits intosecureblue:livefrom
RoyalOughtness merged 9 commits intosecureblue:livefrom
Conversation
The new version of `run0edit` checks for the immutable flag on the file to be edited, and if so, asks the user whether to temporarily remove it to edit the file. This makes editing immutable files less error-prone, as the immutable flag is only removed for the brief window necessary to overwrite the file contents and reapplied immediately afterward; the script also compares the file contents after the immutable flag has been reapplied to ensure it was not modified by another program during that window. Signed-off-by: Daniel Hast <[email protected]>
* Handle immutable flag on directory. * Check for read-only filesystems to error out earlier.
HastD
changed the title
No change to script functionality with this commit, but single-quotes no longer need to be avoided in the inner script since it's wrapped in a heredoc.
HastD
changed the title
Collaborator
Author
|
Just FYI, I refactored the script so that, in the run0edit repo, the main script and inner (privileged) script are now in separate files and are merged into the final So, you may find it easier to review the inner script at https://github.com/HastD/run0edit/blob/main/run0edit-inner.sh since it has proper syntax highlighting—the |
RoyalOughtness
approved these changes
May 19, 2025
ShadowSlayer1441
approved these changes
May 19, 2025
RoyalOughtness
pushed a commit
to RoyalOughtness/secureblue-dev
that referenced
this pull request
Aug 4, 2025
…blue#1055) * feat: update run0edit to v0.4.0 w/ support for immutable flag The new version of `run0edit` checks for the immutable flag on the file to be edited, and if so, asks the user whether to temporarily remove it to edit the file. This makes editing immutable files less error-prone, as the immutable flag is only removed for the brief window necessary to overwrite the file contents and reapplied immediately afterward; the script also compares the file contents after the immutable flag has been reapplied to ensure it was not modified by another program during that window. Signed-off-by: Daniel Hast <[email protected]> * fix: handle case where lsattr gives error * feat(run0edit): update to v0.4.1 * Handle immutable flag on directory. * Check for read-only filesystems to error out earlier. * improve control flow & message wording * refactor how inner script is substituted into main script No change to script functionality with this commit, but single-quotes no longer need to be avoided in the inner script since it's wrapped in a heredoc. * split out duplicated code into functions * simplify read-only filesystem check, reduce code duplication --------- Signed-off-by: Daniel Hast <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The new version of
run0editchecks for the immutable flag on the file to be edited (or the directory if the file doesn't exist), and if so, asks the user whether to temporarily remove it to edit/create the file. This makes editing immutable files less error-prone, as the immutable flag is only removed for the brief window necessary to overwrite the file contents and reapplied immediately afterward; the script also compares the file contents after the immutable flag has been reapplied to ensure it was not modified by another program during that window.There are also miscellaneous improvements to the script's argument handling, which now parses arguments in a more conventional way and accepts both
--helpand--versionarguments, and the inner privileged script has been refactored to reduce code duplication.