Skip to content

Commit 30f78eb

Browse files
wnlenwnlen
committed
fix: block unsafe sudo auto install and prevent doctor from rewriting env
1 parent fae7a75 commit 30f78eb

2 files changed

Lines changed: 34 additions & 6 deletions

File tree

install.sh

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,9 @@ source "$PROJECT_DIR/scripts/init/systemd-user.sh"
1212
source "$PROJECT_DIR/scripts/init/script.sh"
1313

1414
init_project_context "$PROJECT_DIR"
15+
guard_unsafe_sudo_auto_install "${1:-}"
1516
load_env_if_exists
17+
migrate_env_legacy_compat_fields "$PROJECT_DIR/.env"
1618
detect_install_scope "${1:-auto}"
1719
ensure_project_not_wsl_windows_mount
1820

scripts/core/common.sh

Lines changed: 32 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -288,9 +288,6 @@ ensure_project_not_wsl_windows_mount() {
288288
}
289289

290290
load_env_if_exists() {
291-
local env_file
292-
env_file="$PROJECT_DIR/.env"
293-
294291
if [ -f "$PROJECT_DIR/.env" ]; then
295292
set -a
296293
# shellcheck disable=SC1090
@@ -299,7 +296,6 @@ load_env_if_exists() {
299296
fi
300297

301298
normalize_env_compat
302-
cleanup_env_legacy_compat_fields "$env_file"
303299
}
304300

305301
normalize_env_compat() {
@@ -346,12 +342,15 @@ normalize_env_compat() {
346342
return 0
347343
}
348344

349-
cleanup_env_legacy_compat_fields() {
345+
migrate_env_legacy_compat_fields() {
350346
local file="$1"
347+
local tmp
351348

352349
[ -n "${file:-}" ] || return 0
353350
[ -f "$file" ] || return 0
354351

352+
tmp="$(mktemp "${file}.tmp.XXXXXX")" || return 0
353+
355354
awk '
356355
$0 ~ /^[[:space:]]*(export[[:space:]]+)?BUILD_MIN_SUCCESS_SOURCES=/ { next }
357356
$0 ~ /^[[:space:]]*(export[[:space:]]+)?CLASH_SUBSCRIPTION_FORMAT=/ { next }
@@ -360,7 +359,23 @@ cleanup_env_legacy_compat_fields() {
360359
next
361360
}
362361
{ print }
363-
' "$file" > "${file}.tmp" && mv "${file}.tmp" "$file"
362+
' "$file" > "$tmp" || {
363+
rm -f "$tmp" 2>/dev/null || true
364+
return 0
365+
}
366+
367+
if cmp -s "$file" "$tmp"; then
368+
rm -f "$tmp" 2>/dev/null || true
369+
return 0
370+
fi
371+
372+
if [ ! -w "$file" ]; then
373+
rm -f "$tmp" 2>/dev/null || true
374+
warn ".env 当前用户不可写,已跳过兼容迁移:$file"
375+
return 0
376+
fi
377+
378+
mv -f "$tmp" "$file"
364379
}
365380

366381
github_proxy_prefix() {
@@ -1116,6 +1131,17 @@ ensure_openwrt_install_supported() {
11161131
fi
11171132
}
11181133

1134+
guard_unsafe_sudo_auto_install() {
1135+
local requested="${1:-}"
1136+
1137+
if [ "$(id -u)" -eq 0 ] \
1138+
&& [ -n "${SUDO_USER:-}" ] \
1139+
&& { [ -z "${requested:-}" ] || [ "$requested" = "auto" ]; }; then
1140+
die_state "检测到未受支持的安装方式:sudo bash install.sh" \
1141+
"普通安装请执行:bash install.sh;系统级安装请显式执行:sudo bash install.sh system"
1142+
fi
1143+
}
1144+
11191145
detect_install_scope() {
11201146
local requested="${1:-auto}"
11211147

0 commit comments

Comments
 (0)