guardutils/chguard
2
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 8 Wiki Activity

Compare commits

base: guardutils:0.2.0
Branches Tags
guardutils:main
guardutils:0.3.3 guardutils:0.3.2 guardutils:0.3.1 guardutils:0.3.0 guardutils:0.2.2 guardutils:0.2.1 guardutils:0.2.0 guardutils:0.1.0
...
compare: guardutils:0.2.2
Branches Tags
guardutils:main
guardutils:0.3.3 guardutils:0.3.2 guardutils:0.3.1 guardutils:0.3.0 guardutils:0.2.2 guardutils:0.2.1 guardutils:0.2.0 guardutils:0.1.0

6 Commits
0.2.0 ... 0.2.2

Author SHA1 Message Date
Marco D'Aleo
7c391b8dbc Fix logo path in README 2025-12-23 16:18:18 +00:00
Marco D'Aleo
aafad81bb6 Merge pull request 'Make save operation transactional' (#3) from transaction_patch into main 
Reviewed-on: #3
 2025-12-23 16:15:46 +00:00
Marco D'Aleo
9658f534ea Run save inside a single transaction to avoid partial writes when permission checks fail or state creation errors occur
All checks were successful
Lint & Security / precommit-and-security (pull_request) Successful in 59s
Details
2025-12-23 16:07:46 +00:00
Marco D'Aleo
5af28d21ca Add .python-version to .gitignore 2025-12-21 14:03:52 +00:00
Marco D'Aleo
b0395a432f Merge pull request 'Patch dependecies' (#2) from fix_dependencies_notation into main 
Reviewed-on: #2
 2025-12-21 10:25:30 +00:00
Marco D'Aleo
603e2ac0c6 Patch dependecies
All checks were successful
Lint & Security / precommit-and-security (pull_request) Successful in 1m0s
Details
2025-12-21 10:23:59 +00:00
6 changed files with 58 additions and 42 deletions
Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -85,7 +85,7 @@ ipython_config.py
# pyenv
# For a library or package, you might want to ignore these files since the code is
# intended to run in multiple environments; otherwise, check them in:
# .python-version
.python-version
# pipenv
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.

2
README.md
View File

@@ -5,7 +5,7 @@
# chguard
<div align="center">
<img src="chguard.png" alt="chguard logo" width="256" />
<img src="https://git.sysmd.uk/guardutils/chguard/raw/branch/main/chguard.png" alt="chguard logo" width="256" />
</div>

71
chguard/cli.py
View File

@@ -248,42 +248,49 @@ def main() -> None:
root = normalize_root(args.save)
if state_exists(conn, args.name):
if not args.overwrite:
raise SystemExit(
f"State '{args.name}' already exists (use --overwrite)"
)
delete_state(conn, args.name)
try:
with conn: # start transaction
if state_exists(conn, args.name):
if not args.overwrite:
raise SystemExit(
f"State '{args.name}' already exists (use --overwrite)"
)
# if the new save fails, this delete_state step will also roll back
delete_state(conn, args.name, commit=False)
state_id = create_state(conn, args.name, str(root), os.getuid())
# Abort early if root-owned files exist and user is not root.
# This prevents creating snapshots that cannot be meaningfully restored.
for entry in scan_tree(root, excludes=args.exclude):
if entry.uid == 0 and not _is_root():
raise SystemExit(
"This path contains root-owned files.\n"
"Saving this state requires sudo."
state_id = create_state(
conn, args.name, str(root), os.getuid(), commit=False
)
conn.execute(
"""
INSERT INTO entries (state_id, path, type, mode, uid, gid)
VALUES (?, ?, ?, ?, ?, ?)
""",
(
state_id,
entry.path,
entry.type,
entry.mode,
entry.uid,
entry.gid,
),
)
# Abort early if root-owned files exist and user is not root.
# This prevents creating snapshots that cannot be meaningfully restored.
for entry in scan_tree(root, excludes=args.exclude):
if entry.uid == 0 and not _is_root():
raise SystemExit(
"This path contains root-owned files.\n"
"Saving this state requires sudo."
)
conn.commit()
console.print(f"Saved state '{args.name}' for {root}")
return
conn.execute(
"""
INSERT INTO entries (state_id, path, type, mode, uid, gid)
VALUES (?, ?, ?, ?, ?, ?)
""",
(
state_id,
entry.path,
entry.type,
entry.mode,
entry.uid,
entry.gid,
),
)
console.print(f"Saved state '{args.name}' for {root}")
return
except SystemExit:
raise
if args.restore:
if not args.state:

17
chguard/db.py
View File

@@ -61,19 +61,28 @@ def state_exists(conn: sqlite3.Connection, name: str) -> bool:
def create_state(
conn: sqlite3.Connection, name: str, root_path: str, created_by_uid: int
conn: sqlite3.Connection,
name: str,
root_path: str,
created_by_uid: int,
*,
commit: bool = True,
) -> int:
cur = conn.execute(
"INSERT INTO states (name, root_path, created_at, created_by_uid) VALUES (?, ?, ?, ?)",
(name, root_path, utc_now_iso(), created_by_uid),
)
conn.commit()
if commit:
conn.commit()
return int(cur.lastrowid)
def delete_state(conn: sqlite3.Connection, name: str) -> int:
def delete_state(
conn: sqlite3.Connection, name: str, commit: bool = True
) -> int:
cur = conn.execute("DELETE FROM states WHERE name = ?", (name,))
conn.commit()
if commit:
conn.commit()
return cur.rowcount

2
poetry.lock generated
View File

@@ -289,4 +289,4 @@ test = ["covdefaults (>=2.3)", "coverage (>=7.2.7)", "coverage-enable-subprocess
[metadata]
lock-version = "2.0"
python-versions = ">=3.10,<4.0"
content-hash = "aa4ded468b14fc02b90fdb2a0b1bd446195d02affc359c045b6bbb93858aa747"
content-hash = "4a5c993fcc16fe3739c43eb00bed750ce0803d45e37c7a786aa0b83bb4930267"

6
pyproject.toml
View File

@@ -1,6 +1,6 @@
[tool.poetry]
name = "chguard"
version = "0.2.0"
version = "0.2.2"
description = "Safety-first tool to snapshot and restore filesystem ownership and permissions."
authors = ["Marco D'Aleo <marco@marcodaleo.com>"]
license = "GPL-3.0-or-later"
@@ -12,8 +12,8 @@ repository = "https://git.sysmd.uk/guardutils/chguard"
python = ">=3.10,<4.0"
rich = ">=12"
argcomplete = ">=2"
platformdirs = "^4.5.1"
filelock = "^3.20.1"
platformdirs = ">=4.5.1"
filelock = ">=3.20.1"
[tool.poetry.scripts]
chguard = "chguard.cli:main"