mirror of
https://github.com/kuhyx/scripts.git
synced 2026-07-04 15:03:09 +02:00
feat: automatically remove blocked packages add firefox
This commit is contained in:
parent
935f8e19fc
commit
abbe60d0d2
@ -52,25 +52,93 @@ function display_operation() {
|
|||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Helper: return 0 if the given package name is blocked by policy
|
||||||
|
function is_blocked_package_name() {
|
||||||
|
local name="$1"
|
||||||
|
# Normalize to package base (strip any repo prefix already done by caller)
|
||||||
|
# Broad block: Firefox family and derivatives (covers -bin/-git and similar suffixes)
|
||||||
|
if [[ $name =~ ^firefox($|[-_]) ]]; then
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
if [[ $name =~ ^(librewolf|waterfox|icecat|floorp|zen-browser|tor-browser|mullvad-browser|basilisk|palemoon|iceweasel|abrowser|cliqz)($|[-_]) ]]; then
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Explicitly blocked names list
|
||||||
|
local blocked=(
|
||||||
|
"freetube-bin" "virtualbox" "virtualbox-host-modules-arch" "virtualbox-guest-iso" "virtualbox-ext-vnc" "virtualbox-guest-utils" "virtualbox-host-dkms"
|
||||||
|
"brave" "brave-bin" "freetube" "seamonkey-bin" "seamonkey" "min-browser-bin" "min-browser" "beaker-browser" "catalyst-browser-bin" "hamsket" "min"
|
||||||
|
"vieb-bin" "yt-dlp" "yt-dlp-git" "stremio" "stremio-git" "angelfish" "dooble" "eric" "falkon" "fiery" "maui" "konqueror" "liri" "otter"
|
||||||
|
"quotebrowser" "beaker" "catalyst" "badwolf" "eolie" "epiphany" "surf" "uzbl" "vimb" "vimb-git" "web-browser" "web-browser-git"
|
||||||
|
"web-browser-bin" "web-browser-bin-git" "web-browser-bin-git" "luakit" "nyxt" "tangram" "vimb" "dillo" "links" "netsurf" "amfora" "tartube"
|
||||||
|
|
||||||
|
# Firefox and prominent Firefox-based browsers/variants (explicit names)
|
||||||
|
"firefox" "firefox-bin" "firefox-esr" "firefox-esr-bin" "firefox-beta" "firefox-beta-bin"
|
||||||
|
"firefox-developer-edition" "firefox-developer-edition-bin" "firefox-nightly" "firefox-nightly-bin"
|
||||||
|
"firefox-appmenu" "firefox-appmenu-bin" "firefox-kde-opensuse"
|
||||||
|
"librewolf" "librewolf-bin" "waterfox" "waterfox-bin" "waterfox-current-bin" "waterfox-classic-bin" "waterfox-g3-bin"
|
||||||
|
"icecat" "icecat-bin" "floorp" "floorp-bin" "zen-browser" "zen-browser-bin"
|
||||||
|
"tor-browser" "tor-browser-bin" "torbrowser-launcher" "mullvad-browser" "mullvad-browser-bin"
|
||||||
|
"basilisk" "basilisk-bin" "palemoon" "palemoon-bin" "iceweasel" "iceweasel-bin" "abrowser" "cliqz"
|
||||||
|
)
|
||||||
|
|
||||||
|
for pkg in "${blocked[@]}"; do
|
||||||
|
if [[ "$name" == "$pkg" ]]; then
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
|
# Helper: detect if current invocation includes --noconfirm
|
||||||
|
function has_noconfirm_flag() {
|
||||||
|
for arg in "$@"; do
|
||||||
|
if [[ "$arg" == "--noconfirm" ]]; then
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
|
# Cleanup: remove any installed blocked packages (in addition to the queued operation)
|
||||||
|
function remove_installed_blocked_packages() {
|
||||||
|
local user_args=("$@")
|
||||||
|
# List installed package names
|
||||||
|
mapfile -t installed_names < <("$PACMAN_BIN" -Qq 2>/dev/null)
|
||||||
|
local to_remove=()
|
||||||
|
for name in "${installed_names[@]}"; do
|
||||||
|
if is_blocked_package_name "$name"; then
|
||||||
|
to_remove+=("$name")
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
if [[ ${#to_remove[@]} -eq 0 ]]; then
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo -e "${YELLOW}Policy cleanup:${NC} Removing blocked installed packages: ${BOLD}${to_remove[*]}${NC}" >&2
|
||||||
|
local remove_cmd=("$PACMAN_BIN" -Rns --noconfirm)
|
||||||
|
"${remove_cmd[@]}" "${to_remove[@]}"
|
||||||
|
local rc=$?
|
||||||
|
if [[ $rc -ne 0 ]]; then
|
||||||
|
echo -e "${RED}Cleanup removal failed with exit code ${rc}.${NC}" >&2
|
||||||
|
else
|
||||||
|
echo -e "${GREEN}Cleanup removal completed for: ${to_remove[*]}${NC}" >&2
|
||||||
|
fi
|
||||||
|
return $rc
|
||||||
|
}
|
||||||
|
|
||||||
# Function to check if user is trying to install packages that are always blocked
|
# Function to check if user is trying to install packages that are always blocked
|
||||||
function check_for_always_blocked() {
|
function check_for_always_blocked() {
|
||||||
# List of packages that are ALWAYS blocked without any challenge
|
|
||||||
local always_blocked_packages=("freetube-bin" "virtualbox" "virtualbox-host-modules-arch" "virtualbox-guest-iso" "virtualbox-ext-vnc" "virtualbox-guest-utils" "virtualbox-host-dkms" "brave" "brave-bin" "freetube" "seamonkey-bin" "seamonkey" "min-browser-bin" "min-browser" "beaker-browser" "catalyst-browser-bin" "hamsket" "min" "vieb-bin" "yt-dlp" "yt-dlp-git" "stremio" "stremio-git" "angelfish" "dooble" "eric" "falkon" "fiery" "maui" "konqueror" "liri" "otter" "quotebrowser" "beaker" "catalyst" "badwolf" "eolie" "epiphany" "surf" "uzbl" "vimb" "vimb-git" "web-browser" "web-browser-git" "web-browser-bin" "web-browser-bin-git" "web-browser-bin-git" "luakit" "nyxt" "tangram" "vimb" "dillo" "links" "netsurf" "amfora" "tartube")
|
|
||||||
|
|
||||||
# Check if the command is an installation command
|
# Check if the command is an installation command
|
||||||
if [[ "$1" == "-S" || "$1" == "-Sy" || "$1" == "-Syu" || "$1" == "-Syyu" || "$1" == "-U" ]]; then
|
if [[ "$1" == "-S" || "$1" == "-Sy" || "$1" == "-Syu" || "$1" == "-Syyu" || "$1" == "-U" ]]; then
|
||||||
# Check all arguments
|
# Check all arguments
|
||||||
for arg in "$@"; do
|
for arg in "$@"; do
|
||||||
# Strip repository prefix if present (like extra/ or community/)
|
# Strip repository prefix if present (like extra/ or community/)
|
||||||
local package_name="${arg##*/}"
|
local package_name="${arg##*/}"
|
||||||
|
if is_blocked_package_name "$package_name"; then
|
||||||
# Check if argument matches any always blocked package
|
return 0 # Always blocked package found
|
||||||
for package in "${always_blocked_packages[@]}"; do
|
fi
|
||||||
if [[ "$arg" == "$package" || "$arg" == *"/$package-"* || "$arg" == *"/$package/"* ||
|
|
||||||
"$arg" == *"/$package" || "$package_name" == "$package" ]]; then
|
|
||||||
return 0 # Always blocked package found
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
return 1 # No always blocked package found
|
return 1 # No always blocked package found
|
||||||
@ -405,6 +473,8 @@ fi
|
|||||||
if check_for_always_blocked "$@"; then
|
if check_for_always_blocked "$@"; then
|
||||||
echo -e "${RED}Installation BLOCKED: This package is permanently restricted and cannot be installed.${NC}"
|
echo -e "${RED}Installation BLOCKED: This package is permanently restricted and cannot be installed.${NC}"
|
||||||
echo -e "${RED}Package installation has been denied by system policy.${NC}"
|
echo -e "${RED}Package installation has been denied by system policy.${NC}"
|
||||||
|
# Regardless of the attempted action, enforce cleanup of any installed blocked packages
|
||||||
|
remove_installed_blocked_packages "$@"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -448,6 +518,9 @@ else
|
|||||||
echo -e "${RED}Command failed with exit code ${exit_code}.${NC}" >&2
|
echo -e "${RED}Command failed with exit code ${exit_code}.${NC}" >&2
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# After any operation, remove installed blocked packages as part of policy enforcement
|
||||||
|
remove_installed_blocked_packages "$@"
|
||||||
|
|
||||||
# Display some helpful tips depending on the operation
|
# Display some helpful tips depending on the operation
|
||||||
if [[ "$1" == "-S" || "$1" == "-S "* ]] && [ $exit_code -eq 0 ]; then
|
if [[ "$1" == "-S" || "$1" == "-S "* ]] && [ $exit_code -eq 0 ]; then
|
||||||
echo -e "${CYAN}Tip:${NC} You may need to log out or restart to use some newly installed software."
|
echo -e "${CYAN}Tip:${NC} You may need to log out or restart to use some newly installed software."
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user