testsAndMisc/linux_configuration/scripts/periodic_background/hosts/guard/pacman-hooks/pacman-post-relock-hosts.sh
Krzysztof kuhy Rudnicki db6276b3ff refactor(linux_configuration): move remaining dirs + scripts/ to meta/
- Move fresh-install/ → scripts/single_use/fresh-install/
- Move hosts/ → scripts/periodic_background/hosts/
- Move i3-configuration/ → scripts/periodic_background/i3-configuration/
- Delete linux_configuration/LaTeX/, nix-poc/, report/ (dead dirs)
- Move repo-root scripts/ → meta/scripts/
- Update root .pre-commit-config.yaml: scripts/ → meta/scripts/ (9 entries)
- Update run.sh ARTIFACT_INIT_SCRIPT to meta/scripts/
- Update fresh-install/main.sh: hosts/install.sh + i3-configuration/install.sh paths
- Update check_python_location.sh: add meta/scripts/ to exception list
- Fix midnight flakiness in test_recent_workout_returns_true: use timezone-aware
  local noon instead of now-1h to avoid SQL date() boundary issues
2026-05-15 00:53:01 +02:00

43 lines
1.0 KiB
Bash
Executable File

#!/usr/bin/env bash
# pacman-post-relock-hosts.sh - Re-apply all guard protections after pacman
# Re-locks: /etc/hosts, /etc/nsswitch.conf, /etc/systemd/resolved.conf
set -euo pipefail
# Source shared functions
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# shellcheck source=hosts-guard-common.sh
source "$SCRIPT_DIR/hosts-guard-common.sh"
require_root
ENFORCE=/usr/local/sbin/enforce-hosts.sh
ENFORCE_NSSWITCH=/usr/local/sbin/enforce-nsswitch.sh
ENFORCE_RESOLVED=/usr/local/sbin/enforce-resolved.sh
log_hook "post" "relocking(start)"
# Collapse any stacked mounts first
collapse_mounts
# Run enforcement scripts if available
if [[ -x $ENFORCE ]]; then
"$ENFORCE" >/dev/null 2>&1 || true
fi
if [[ -x $ENFORCE_NSSWITCH ]]; then
"$ENFORCE_NSSWITCH" >/dev/null 2>&1 || true
fi
if [[ -x $ENFORCE_RESOLVED ]]; then
"$ENFORCE_RESOLVED" >/dev/null 2>&1 || true
fi
# Apply protections (immutable on all guarded files)
apply_immutable
apply_ro_bind_mount
# Start all path watchers
start_path_watcher
log_hook "post" "relocking(done)"
exit 0