fix: simplify pacman orphan cleanup command construction
This commit is contained in:
+8
-2
@@ -274,8 +274,14 @@ runCmd() { # $1=host $2=name $3=cmd
|
|||||||
ERROR=1
|
ERROR=1
|
||||||
fi
|
fi
|
||||||
echo "pacman orphan cleanup" | tee -a "${LOGFILENAME}"
|
echo "pacman orphan cleanup" | tee -a "${LOGFILENAME}"
|
||||||
if ! runSSH "${HOST}" sh -c 'yesarg="$1"; orphans=$(pacman -Qqtd 2>/dev/null || true); if [ -n "$orphans" ]; then pacman -Rns $yesarg $orphans; fi' sh "${YESARG}" | tee -a "${LOGFILENAME}"; then
|
if [ -n "${YESARG}" ]; then
|
||||||
ERROR=1
|
if ! runSSH "${HOST}" sh -c 'orphans=$(pacman -Qqtd 2>/dev/null || true); if [ -n "$orphans" ]; then pacman -Rns --noconfirm $orphans; fi' | tee -a "${LOGFILENAME}"; then
|
||||||
|
ERROR=1
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
if ! runSSH "${HOST}" sh -c 'orphans=$(pacman -Qqtd 2>/dev/null || true); if [ -n "$orphans" ]; then pacman -Rns $orphans; fi' | tee -a "${LOGFILENAME}"; then
|
||||||
|
ERROR=1
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
echo "pacman -Sc ${YESARG}" | tee -a "${LOGFILENAME}"
|
echo "pacman -Sc ${YESARG}" | tee -a "${LOGFILENAME}"
|
||||||
if ! runSSH "${HOST}" pacman -Sc ${YESARG} | tee -a "${LOGFILENAME}"; then
|
if ! runSSH "${HOST}" pacman -Sc ${YESARG} | tee -a "${LOGFILENAME}"; then
|
||||||
|
|||||||
@@ -118,6 +118,7 @@ Supported action types currently include:
|
|||||||
- `NODES` parsing was hardened to preserve spaces in action values by splitting on `;` with `IFS` and `read -r -a`
|
- `NODES` parsing was hardened to preserve spaces in action values by splitting on `;` with `IFS` and `read -r -a`
|
||||||
- SSH calls were centralized through a `runSSH` helper and `SSH_USER` is now configurable, defaulting to `root`
|
- SSH calls were centralized through a `runSSH` helper and `SSH_USER` is now configurable, defaulting to `root`
|
||||||
- The `pacman` orphan cleanup now runs entirely on the remote host instead of evaluating orphan detection locally
|
- The `pacman` orphan cleanup now runs entirely on the remote host instead of evaluating orphan detection locally
|
||||||
|
- The `pacman` orphan cleanup remote command now avoids nested `bash -lc` argument-passing issues by selecting between two simple remote `sh -c` commands, one with `--noconfirm` and one without
|
||||||
- The `docker-stacks` action was rewritten to use a remote shell script with the stack directory passed as an argument
|
- The `docker-stacks` action was rewritten to use a remote shell script with the stack directory passed as an argument
|
||||||
- Unknown actions and reboot SSH failures now propagate error status more consistently
|
- Unknown actions and reboot SSH failures now propagate error status more consistently
|
||||||
- A focused code review identified the next recommended work items and suggested splitting them into separate commits rather than combining them in one larger hardening change
|
- A focused code review identified the next recommended work items and suggested splitting them into separate commits rather than combining them in one larger hardening change
|
||||||
@@ -126,6 +127,7 @@ Supported action types currently include:
|
|||||||
- Log summary generation no longer uses `sed -i` interpolation; the script now writes a temporary file with the summary header plus the existing log content and replaces the original log atomically
|
- Log summary generation no longer uses `sed -i` interpolation; the script now writes a temporary file with the summary header plus the existing log content and replaces the original log atomically
|
||||||
- The `apk` action now applies `-y` to `apk upgrade` when the CLI `-y` flag is set, making its behavior consistent with the documented intent for supported package managers
|
- The `apk` action now applies `-y` to `apk upgrade` when the CLI `-y` flag is set, making its behavior consistent with the documented intent for supported package managers
|
||||||
- The `apt` action now uses `apt-get autoremove --purge` and no longer runs `apt-get purge` without arguments, which makes the cleanup step more meaningful and avoids a misleading command in the log
|
- The `apt` action now uses `apt-get autoremove --purge` and no longer runs `apt-get purge` without arguments, which makes the cleanup step more meaningful and avoids a misleading command in the log
|
||||||
|
- The `pacman` action was further hardened by simplifying orphan cleanup command construction, reducing quoting-related regressions while still skipping removal when no orphan packages are present
|
||||||
|
|
||||||
## Change guidance
|
## Change guidance
|
||||||
- Preserve backward compatibility for existing config files where possible
|
- Preserve backward compatibility for existing config files where possible
|
||||||
|
|||||||
Reference in New Issue
Block a user