feat: rewrite ujust harden-flatpak in Python#1599
Merged
RoyalOughtness merged 4 commits intosecureblue:livefrom Nov 20, 2025
Merged
feat: rewrite ujust harden-flatpak in Python#1599RoyalOughtness merged 4 commits intosecureblue:livefrom
RoyalOughtness merged 4 commits intosecureblue:livefrom
Conversation
HastD
force-pushed
the
harden-flatpak
branch
from
bbed42c to
257dc27
Compare
Collaborator
|
Aside from the cyclomatic complexity codacy complaints (which are almost certainly already present in the bash), this seems good |
HastD
force-pushed
the
harden-flatpak
branch
from
aa98310 to
45877d3
Compare
Collaborator
Author
|
The cyclomatic complexity issues being flagged are due to the difference between Lizard (the complexity analyzer Codacy uses) and the one Ruff uses; this issue has come up before, and I still think the one Ruff uses does a better job of measuring the complexity of Python code. The main difference I've noticed is that with Lizard, list comprehensions increase cyclomatic complexity as if they were written as loops. Ruff is set up to check that all functions have cyclomatic complexity at most 8, and the code here passes that check. |
HastD
force-pushed
the
harden-flatpak
branch
from
45877d3 to
c8ffed4
Compare
RoyalOughtness
previously approved these changes
Nov 14, 2025
The Python rewrite has the same basic logic but with some improvements to user-facing messages and the app ID search logic. The third-party `inquirer` module is used for letting the user select from a list of options, and is installed via RPM. (I put it in `common-packages.yml` rather than `desktop-packages.yml` because it's likely to be useful in other ujust scripts, and is a small package in any case.) Also move audit-script-specific parts of the `utils` module into a new `audit_utils` module, and fix a minor type error in `is_using_vpn`.
This ensures the version of `just` used in CI is the same as the one used in the images. Also made some minor reliability improvements to `manuallyinstalljust.sh`: use `mktemp` to generate a temporary directory instead of just using `/tmp`, and set `curl` options to retry on failure and to not suppress error message output.
HastD
force-pushed
the
harden-flatpak
branch
from
c8ffed4 to
c3eddf5
Compare
ShadowSlayer1441
approved these changes
Nov 19, 2025
RoyalOughtness
approved these changes
Nov 20, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The Python rewrite has the same basic logic but with some improvements to user-facing messages and the app ID search logic.
The third-party
inquirermodule is used for letting the user select from a list of options, and is installed via RPM. (I put it incommon-packages.ymlrather thandesktop-packages.ymlbecause it's likely to be useful in other ujust scripts, and is a small package in any case.)Also move audit-script-specific parts of the
utilsmodule into a newaudit_utilsmodule, and fix a minor type error inis_using_vpn.