mirror of
https://github.com/kuhyx/testsAndMisc.git
synced 2026-07-04 14:23:16 +02:00
- Move fresh-install/ → scripts/single_use/fresh-install/ - Move hosts/ → scripts/periodic_background/hosts/ - Move i3-configuration/ → scripts/periodic_background/i3-configuration/ - Delete linux_configuration/LaTeX/, nix-poc/, report/ (dead dirs) - Move repo-root scripts/ → meta/scripts/ - Update root .pre-commit-config.yaml: scripts/ → meta/scripts/ (9 entries) - Update run.sh ARTIFACT_INIT_SCRIPT to meta/scripts/ - Update fresh-install/main.sh: hosts/install.sh + i3-configuration/install.sh paths - Update check_python_location.sh: add meta/scripts/ to exception list - Fix midnight flakiness in test_recent_workout_returns_true: use timezone-aware local noon instead of now-1h to avoid SQL date() boundary issues
43 lines
1.0 KiB
Bash
Executable File
43 lines
1.0 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# pacman-post-relock-hosts.sh - Re-apply all guard protections after pacman
|
|
# Re-locks: /etc/hosts, /etc/nsswitch.conf, /etc/systemd/resolved.conf
|
|
set -euo pipefail
|
|
|
|
# Source shared functions
|
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
# shellcheck source=hosts-guard-common.sh
|
|
source "$SCRIPT_DIR/hosts-guard-common.sh"
|
|
|
|
require_root
|
|
|
|
ENFORCE=/usr/local/sbin/enforce-hosts.sh
|
|
ENFORCE_NSSWITCH=/usr/local/sbin/enforce-nsswitch.sh
|
|
ENFORCE_RESOLVED=/usr/local/sbin/enforce-resolved.sh
|
|
|
|
log_hook "post" "relocking(start)"
|
|
|
|
# Collapse any stacked mounts first
|
|
collapse_mounts
|
|
|
|
# Run enforcement scripts if available
|
|
if [[ -x $ENFORCE ]]; then
|
|
"$ENFORCE" >/dev/null 2>&1 || true
|
|
fi
|
|
if [[ -x $ENFORCE_NSSWITCH ]]; then
|
|
"$ENFORCE_NSSWITCH" >/dev/null 2>&1 || true
|
|
fi
|
|
if [[ -x $ENFORCE_RESOLVED ]]; then
|
|
"$ENFORCE_RESOLVED" >/dev/null 2>&1 || true
|
|
fi
|
|
|
|
# Apply protections (immutable on all guarded files)
|
|
apply_immutable
|
|
apply_ro_bind_mount
|
|
|
|
# Start all path watchers
|
|
start_path_watcher
|
|
|
|
log_hook "post" "relocking(done)"
|
|
|
|
exit 0
|