setup-server, mount-helper: bugfixes

- config-edit: - cleaner output without useless padding - edit: - vscode no longer supports sudo editing - cleaned up the code to make it clearer - fs-own: - correct exit status on invalid paths and missing paths, such that chmod/chown failures are distinguishable from existence, access, and validity failures - fix --optional still failing on chmod fails - fs-rm: - no longer noisy on empty directories - trimming empty directories no longer noisy with silly find errors - get-devices: - support --quiet - added is-abort: - abstacted out and added support for more abort exist statuses, such that complex abort handling such as inside mount-helper becomes streamlined - mount-helper: - fix `--type=<type>` flag never having worked - can now unmount sources and types without targets - can now unmount the alternative targets of a source - cleanup parse/dump output - fix gocryptfs not getting fuse config when necessary - fix noisy and confusing get-devices output - improved unmount handling to support cases where the intended unmount was done by a user/group that wasn't intended - better clarity about what we are performign actions on - only output fstab/cron details when desired - correct usage of grep/ripgrep - correct and more details unmount handling under more variations of check statuses - correct handling of unmount aborts in more contexts - secret: - correct modern detection of login and prevent login details being output with values - setup-linux-fonts: - fix source-code-pro - setup-util: - add --no-xdg support - setup-util-gocryptfs: - use --no-xdg to ensure that mounting under specific users/groups works - ssh-helper: - use `is-abort` - sudo-helper: - clean output on --local - setup-server: - ensure gocryptfs is configure correctly - bash.bash: - add aliases for various flags for clearer usage
bevry · Feb 2, 2024 · 43abfda · 43abfda
1 parent d719d54
commit 43abfda
Show file tree

Hide file tree

Showing 17 changed files with 557 additions and 260 deletions.
diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml
@@ -21,20 +21,20 @@ actions:
 lint:
   enabled:
     - [email protected]
-    - black@23.12.1
-    - checkov@3.1.69
+    - black@24.1.1
+    - checkov@3.2.3
     - [email protected]
     - [email protected]
     - git-diff-check@SYSTEM
     - [email protected]
     - [email protected]
-    - markdownlint@0.38.0
+    - markdownlint@0.39.0
     - [email protected]
-    - [email protected].14
+    - [email protected].15
     - [email protected]
     - [email protected]
     - [email protected]
-    - trufflehog@3.63.11
+    - trufflehog@3.66.3
     - [email protected]
   disabled:
     - trivy

diff --git a/commands.beta/setup-server b/commands.beta/setup-server
@@ -349,6 +349,19 @@ function setup_server() (
 
 		# ensure newly created service users and groups are configured correctly
 		setup_owner
+
+		# gocryptfs
+		local temp
+		temp="$(type -P gocryptfs 2>/dev/null || :)"
+		if test -n "$temp"; then
+			# ensure that it is accessible
+			if ! sudo-helper --inherit --user="$SHARE_USER" --group="$SHARE_GROUP" -- "$temp" --version; then
+				setup-util-gocryptfs --upgrade
+			fi
+
+			# attach the group to the executable
+			fs-own --sudo --optional --permissions='g+rx' --group="$SHARE_GROUP" -- "$temp"
+		fi
 	}
 
 	# ---------------------------------

diff --git a/commands/config-edit b/commands/config-edit
@@ -306,16 +306,16 @@ function config_edit() (
 			if test -z "$expected"; then
 				echo-style --positive='It already has the undesired configuration removed.'
 			else
-				echo-style --positive='It already has these lines:' $'\n' --code="$option_line"
+				echo-style --positive='It already has these lines:' $'\n' --code="$option_line" | echo-trim-padding --stdin
 			fi
 			break
 		else
 			echo-style --invert="$option_name" ' is ' --negative='incorrectly' ' configured.'
 			if test -n "$lines"; then
-				echo-style --negative='These lines must be removed:' $'\n' --code="$lines"
+				echo-style --negative='These lines must be removed:' $'\n' --code="$lines" | echo-trim-padding --stdin
 			fi
 			if test -n "$expected"; then
-				echo-style --positive='These lines must be added:' $'\n' --code="$expected"
+				echo-style --positive='These lines must be added:' $'\n' --code="$expected" | echo-trim-padding --stdin
 			fi
 			if test -n "$option_applier" && confirm --positive --ppid=$$ -- "$(echo-style --bold='Apply these changes ' --positive='automatically' --bold=', or ' --negative='manually' --bold='?')"; then
 				"$option_applier" "$option_needle" "$expected" # don't use lines, as applier uses regex, and found lines aren't escaped for regex

diff --git a/commands/edit b/commands/edit
@@ -150,31 +150,40 @@ function edit_() (
 				# absolute path so sudo has availability: may not actually be necessary
 				# array[0]="$(fs-absolute -- "${array[0]}")"
 
-				# check if the editor requires prompts
-				if [[ $command =~ ^(code|atom|subl|emacs)$ ]]; then
-					# it is an editor that requires prompts
-					if test "$prompt" = 'yes'; then
-						# add --wait if desired and if supported
-						if test "$wait" = 'yes' && [[ $command =~ ^(code|atom|subl)$ ]]; then
-							array+=('-w')
-						fi
-						# use appropriate window system for the editor
-						case "$command" in
-						'code')
-							if is-wsl; then
-								array+=('--reuse-window')
-							else
-								# on wsl, --new-window causes git to wait forever to close the file
-								array+=('--new-window')
-							fi
-							;;
-						'emacs') array+=('--no-window-system') ;;
-						esac
+				# handle fancy editors fancifully
+				case "$command" in
+				'code')
+					if test "$prompt" = 'no' -o "$sudo" = 'yes'; then
+						continue
+					fi
+					if test "$wait" = 'yes'; then
+						array+=('-w')
+					fi
+					if is-wsl; then
+						array+=('--reuse-window')
 					else
-						# we don't want prompts, so skip this editor
+						# on wsl, --new-window causes git to wait forever to close the file
+						array+=('--new-window')
+					fi
+					;;
+				'atom' | 'subl')
+					if test "$prompt" = 'no' -o "$sudo" = 'yes'; then
 						continue
 					fi
-				fi
+					if test "$sudo" = 'yes'; then
+						continue
+					fi
+					if test "$wait" = 'yes'; then
+						array+=('-w')
+					fi
+					;;
+				'emacs')
+					if test "$prompt" = 'no'; then
+						continue
+					fi
+					array+=('--no-window-system')
+					;;
+				esac
 
 				# we have a suitable editor, leave the search
 				break

diff --git a/commands/fs-own b/commands/fs-own
@@ -151,14 +151,18 @@ function fs_own() (
 	done
 
 	# check
-	local index
 	if test "${#option_paths[@]}" -eq 0; then
-		help "No <path>s provided."
+		if test "$option_optional" = 'yes'; then
+			return 0
+		fi
+		echo-error 'No <path>s provided.'
+		return 22 # EINVAL 22 Invalid argument
 	fi
-	for index in "${!option_paths[@]}"; do
-		if test -z "${option_paths[index]}"; then
+	local path
+	for path in "${option_paths[@]}"; do
+		if test -z "$path"; then
 			echo-error 'Cannot claim ownership of an empty path:' $'\n' "$(echo-verbose -- "${option_paths[@]}")"
-			return 1
+			return 22 # EINVAL 22 Invalid argument
 		fi
 	done
 
@@ -302,7 +306,7 @@ function fs_own() (
 		if test "$available_status" -ne 0; then
 			if test "$option_optional" != 'yes'; then
 				echo-error 'Cannot claim ownership a path that does exist or is inaccessible:' $'\n' --code="$path"
-				return "$available_status"
+				return 2 # ENOENT 2 No such file or directory
 			fi
 		fi
 	}
@@ -331,30 +335,30 @@ function fs_own() (
 		fi
 	}
 
-	local path exists_status exit_status=0
-	if test "$option_optional" = 'yes'; then
-		for path in "${option_paths[@]}"; do
-			# ignore exist failures
-			eval_capture --statusvar=exists_status -- check_exists "$path"
-			if test "$exists_status" -eq 0; then
-				paths+=("$path")
-			fi
-		done
-	else
-		for path in "${option_paths[@]}"; do
-			# respect exist failures
-			eval_capture --statusvar=exists_status -- check_exists "$path"
-			if test "$exists_status" -eq 0; then
-				paths+=("$path")
-			else
-				exit_status="$exists_status"
-			fi
-		done
-	fi
+	# determine paths
+	local exists_status own_status
+	for path in "${option_paths[@]}"; do
+		eval_capture --statusvar=exists_status -- check_exists "$path"
+		# check existence
+		if test "$exists_status" -eq 0; then
+			paths+=("$path") # it exists, update ownership for it
+		fi
+	done
+	# perform the ownership
 	if test "${#paths[@]}" -ne 0; then
-		do_own
+		eval_capture --statusvar=own_status -- do_own
+		# check ownership failures
+		if test "$own_status" -ne 0 -a "$option_optional" = 'no'; then
+			return "$own_status"
+		fi
+	fi
+	# check if we had missing paths
+	if test "${#paths[@]}" -ne "${#option_paths[@]}"; then
+		if test "$option_optional" = 'yes'; then
+			return 0
+		fi
+		return 2 # ENOENT 2 No such file or directory
 	fi
-	return "$exit_status"
 )
 
 # fire if invoked standalone

diff --git a/commands/fs-rm b/commands/fs-rm
@@ -105,12 +105,15 @@ function fs_rm() (
 			return 200 # ECUSTOM 200 Not applicable
 		fi
 
-		# if preconfirmed, we don't need the pprompt
+		# if preconfirmed, skip the prompt
 		if test "$option_confirm" = 'no'; then
 			return 0
 		fi
 
-		# we want to prompt
+		# if it is purely empty, skip the prompt
+		if is-empty-ls -- "$path"; then
+			return 0
+		fi
 
 		# note its structure and size
 		echo
@@ -125,7 +128,7 @@ function fs_rm() (
 	function do_confirm_removal {
 		local path="$1"
 
-		# if preconfirmed, we don't need the pprompt
+		# if preconfirmed, skip the prompt
 		if test "$option_confirm" = 'no'; then
 			return 0
 		fi
@@ -165,7 +168,8 @@ function fs_rm() (
 		# delete empty directories
 		eval_capture --statusvar=confirm_trim_status -- do_confirm_trim "$path"
 		if test "$confirm_trim_status" -eq 0; then
-			eval_capture -- eval_wrapper -- find "$path" -empty -type d -delete
+			# ignore stderr and do not wrap to prevent illogical cannot restore directory errors
+			eval_capture --ignore-stderr -- find "$path" -empty -type d -delete
 			if is-missing -- "$path"; then
 				CONCLUSION="$(
 					echo-style --green="was only empty directories, it has been removed."

diff --git a/commands/get-devices b/commands/get-devices
@@ -57,6 +57,9 @@ function get_devices() (
 			--debug
 			    Output debug information.
 
+			--quiet
+			    Don't output warning about no matching devices.
+
 			FILTERS:
 			--node=<node>
 			    Filter devices, only returning those of <node>.
@@ -127,7 +130,8 @@ function get_devices() (
 	}
 
 	# process
-	local item option_results=() option_select='' option_missing='' option_debug='no'
+	local item option_results=() option_select='' option_missing='' option_debug='no' option_quiet
+	option_quiet="$(echo-quiet-enabled -- "$@")"
 	local option_has_node='' option_node=''
 	local option_has_label='' option_label=''
 	local option_has_filesystem='' option_filesystem=''
@@ -162,6 +166,7 @@ function get_devices() (
 		shift
 		case "$item" in
 		'--help' | '-h') help ;;
+		'--no-quiet'* | '--quiet'* | '--no-verbose'* | '--verbose'*) ;; # handled by echo-quiet-enabled
 
 		'--result='*)
 			mapfile -t option_results < <(echo-split ',' -- "${item#*=}")
@@ -486,7 +491,9 @@ function get_devices() (
 	local results
 	mapfile -t results < <(action)
 	if test "${#results[@]}" -eq 0; then
-		echo-style --error="$option_missing" >/dev/stderr
+		if test "$option_quiet" != 'yes'; then
+			echo-style --error="$option_missing" >/dev/stderr
+		fi
 		return 19 # ENODEV 19 Operation not supported by device
 	fi
 	if test -n "$option_select"; then

diff --git a/commands/is-abort b/commands/is-abort
@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+
+function is_abort() (
+	source "$DOROTHY/sources/bash.bash"
+
+	# =====================================
+	# Arguments
+
+	function help {
+		cat <<-EOF >/dev/stderr
+			ABOUT:
+			Check if <input> is an abort exit status
+
+			USAGE:
+			is-abort [...options] [--] ...<input>
+
+			OPTIONS:
+			<input>
+			    Input to check is an abort value.
+
+			--ignore-empty:
+			    Ignore/skip empty values.
+
+			ABORTS:
+			125: ECANCELED 125 Operation cancelled
+			129: SIGHUP (Hangup signal. Sent to a process when its controlling terminal is closed.)
+			130: SIGINT (Interrupt signal. Sent to interrupt the process and typically initiated by pressing Ctrl+C.)
+			131: SIGQUIT (Quit signal. Similar to SIGINT but typically results in a core dump for debugging.)
+			134: SIGABRT (Abort signal. Sent by the process to itself when it detects a critical error.)
+			137: SIGKILL (Kill signal. Sent to forcefully terminate a process. Cannot be caught or ignored.)
+			143: SIGTERM (Termination signal. Sent to request a process to terminate gracefully.)
+
+			RETURNS:
+			[0] if ANY <input>s were an abort
+			[1] if ALL <input> were not abort
+		EOF
+		if test "$#" -ne 0; then
+			echo-error "$@"
+		fi
+		return 22 # EINVAL 22 Invalid argument
+	}
+
+	# process
+	local item option_inputs=() option_ignore_empty='no'
+	while test "$#" -ne 0; do
+		item="$1"
+		shift
+		case "$item" in
+		'--help' | '-h') help ;;
+		'--no-ignore-empty'* | '--ignore-empty'*)
+			option_ignore_empty="$(get-flag-value --abort --fallback="$option_ignore_empty" -- "$item")"
+			;;
+		'--')
+			option_inputs+=("$@")
+			shift "$#"
+			break
+			;;
+		'--'*) help "An unrecognised flag was provided: $item" ;;
+		'') ;; # ignore empty values
+		*) option_inputs+=("$item") ;;
+		esac
+	done
+
+	# =====================================
+	# Action
+
+	local input
+	for input in "${option_inputs[@]}"; do
+		case "$input" in
+		125 | 129 | 130 | 131 | 134 | 137 | 143) return 0 ;;
+		esac
+	done
+	return 1
+)
+
+# fire if invoked standalone
+if test "$0" = "${BASH_SOURCE[0]}"; then
+	is_abort "$@"
+fi