[RESEND PATCH v2] pacdiff: Don't use $SUDO on temporary files

Daniel M. Capella polyzen at archlinux.org
Wed Jul 28 03:53:04 UTC 2021 

On 5/23/21 7:18 AM, Denton Liu wrote:
> In 19ab4fa (pacdiff: Add option to use sudo/sudoedit to manage files,
> 2021-03-27), pacdiff was taught to accept -s to run various commands
> with $SUDO. This introduced many instances of $SUDO in merge_file()
> where most of them are unnecessary.
>
> In particular, it is not necessary to $SUDO to write the temporary files
> as /tmp should be writable by all[0][1].
>
> Also, the usage of sudoedit when comparing the original file with the
> merge result is unnecessary. This is because root permissions are not
> really required since users should not write to the original file
> anyway. The merged file will be used to overwrite the original file at
> the end of the function anyway.
>
> Remove these unnecessary usages of $SUDO.
>
> [0]: https://unix.stackexchange.com/a/71625
> [1]: https://serverfault.com/a/427290
>
> Signed-off-by: Denton Liu <liu.denton at gmail.com>
> ---
> Range-diff against v1:
> 1:  ab12657 < -:  ------- .mailmap: Map Daniel Parks
> 2:  9287d4e < -:  ------- .mailmap: Map Denton Liu
> 3:  636e0fb < -:  ------- pacdiff: update --sudo usages
> 4:  32bb4a1 ! 1:  ad45bdd pacdiff: Don't use $SUDO on temporary files
>      @@ Commit message
>           where most of them are unnecessary.
>       
>           In particular, it is not necessary to $SUDO to write the temporary files
>      -    as /tmp should be writable by all.
>      +    as /tmp should be writable by all[0][1].
>       
>      -    Also, remove the usage of sudoedit when comparing the original file with
>      -    the merge result. This is because the merged file is placed in a
>      -    writable directory. Attempting to run sudoedit on this file results in
>      -    the following error:
>      -
>      -            sudoedit: <file>: editing files in a writable directory is not permitted
>      -
>      -    but root permissions are not really required since users should not
>      -    write to the original file anyway. The merged file will be used to
>      -    overwrite the original file at the end of the function anyway.
>      +    Also, the usage of sudoedit when comparing the original file with the
>      +    merge result is unnecessary. This is because root permissions are not
>      +    really required since users should not write to the original file
>      +    anyway. The merged file will be used to overwrite the original file at
>      +    the end of the function anyway.
>       
>           Remove these unnecessary usages of $SUDO.
>       
>      +    [0]: https://unix.stackexchange.com/a/71625
>      +    [1]: https://serverfault.com/a/427290
>      +
>        ## src/pacdiff.sh.in ##
>       @@ src/pacdiff.sh.in: merge_file() {
>        	fi
>      @@ src/pacdiff.sh.in: merge_file() {
>       +	merged="$(mktemp "$tempdir"/"$basename.merged.XXX")"
>        
>       -	tar -xOf "$base_tar" "${file#/}" | $SUDO tee "$base" > /dev/null
>      --	if $SUDO $mergeprog "$file" "$base" "$pacfile" | $SUDO tee "$merged" > /dev/null; then
>      +-	$SUDO $mergeprog "$file" "$base" "$pacfile" | $SUDO tee "$merged" > /dev/null
>      +-	if [ "${PIPESTATUS[0]}" -ne "1" ]; then
>       +	tar -xOf "$base_tar" "${file#/}" >"$base"
>       +	if $mergeprog "$file" "$base" "$pacfile" >"$merged"; then
>        		msg2 "Merged without conflicts."
>
>   src/pacdiff.sh.in | 17 ++++++-----------
>   1 file changed, 6 insertions(+), 11 deletions(-)
>
> diff --git a/src/pacdiff.sh.in b/src/pacdiff.sh.in
> index 5af7e1c..3c34fdb 100644
> --- a/src/pacdiff.sh.in
> +++ b/src/pacdiff.sh.in
> @@ -117,21 +117,16 @@ merge_file() {
>   	fi
>   
>   	basename="$(basename "$file")"
> -	tempdir="$($SUDO mktemp -d --tmpdir "pacdiff-merge-$basename.XXX")"
> -	base="$($SUDO mktemp "$tempdir"/"$basename.base.XXX")"
> -	merged="$($SUDO mktemp "$tempdir"/"$basename.merged.XXX")"
> +	tempdir="$(mktemp -d --tmpdir "pacdiff-merge-$basename.XXX")"
> +	base="$(mktemp "$tempdir"/"$basename.base.XXX")"
> +	merged="$(mktemp "$tempdir"/"$basename.merged.XXX")"
>   
> -	tar -xOf "$base_tar" "${file#/}" | $SUDO tee "$base" > /dev/null
> -	$SUDO $mergeprog "$file" "$base" "$pacfile" | $SUDO tee "$merged" > /dev/null
> -	if [ "${PIPESTATUS[0]}" -ne "1" ]; then
> +	tar -xOf "$base_tar" "${file#/}" >"$base"
> +	if $mergeprog "$file" "$base" "$pacfile" >"$merged"; then
>   		msg2 "Merged without conflicts."
>   	fi
>   
> -	if [[ -n "$SUDO" ]]; then
> -		SUDO_EDITOR="$diffprog" sudoedit "$file" "$merged"
> -	else
> -		$diffprog "$file" "$merged"
> -	fi
> +	$diffprog "$file" "$merged"
>   
>   	while :; do
>   		ask "Would you like to use the results of the merge? [y/n] "
>
Pushed, thank you!

-- 
Best,
Daniel <https://danielcapella.com>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xEA4F7B321A906AD9.asc
Type: application/pgp-keys
Size: 15463 bytes
Desc: OpenPGP public key
URL: <https://lists.archlinux.org/pipermail/pacman-contrib/attachments/20210727/64e9c353/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/pacman-contrib/attachments/20210727/64e9c353/attachment.sig>

More information about the pacman-contrib mailing list