fix: untrack binary, Docker chmod, os.tmpdir (#779, #709, #708)#799
Closed
itstimwhite wants to merge 4 commits intogarrytan:mainfrom
Closed
fix: untrack binary, Docker chmod, os.tmpdir (#779, #709, #708)#799itstimwhite wants to merge 4 commits intogarrytan:mainfrom
itstimwhite wants to merge 4 commits intogarrytan:mainfrom
Conversation
58MB Mach-O arm64 binary was tracked despite being in .gitignore (line 5). The .ts source file remains tracked for reproducible builds via ./setup. Note: git rm --cached removes from the index only. Existing clones retain the binary in git history until a future history rewrite. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
chmod -R 1777 /tmp recursively sets the sticky bit on files inside /tmp, which is meaningless (sticky bit only matters on directories). Line 61 already correctly sets /tmp itself. Replace with find -type d to only chmod directories. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
cookie-import-browser.ts hardcoded /tmp for temporary SQLite copies. os.tmpdir() is the portable Node.js API and is already imported. On macOS this resolves to a per-user temp directory (/var/folders/...), which is actually a security improvement (mode 700 vs world-writable). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Owner
|
Closing — Docker chmod and os.tmpdir overlap with open PRs #747 and #748. The binary untracking from #779 was already resolved (binaries are no longer tracked). Thank you @itstimwhite! |
3 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Three mechanical fixes from the open issue tracker:
Untrack
bin/gstack-global-discover(bin/gstack-global-discover is a tracked generated binary — bloats clone size and causes perpetual dirty working tree #779): 58MB Mach-O arm64 binary was tracked despite.gitignoreentry.git rm --cachedremoves it from the index. The.tssource remains tracked,./setupcompiles it locally. Note: existing clones retain the binary in git history until a future history rewrite.Docker
chmod -R 1777 /tmpsticky bit (Docker: chmod -R 1777 /tmp sets sticky bit on files #709): The-Rflag in.github/docker/Dockerfile.ciapplied the sticky bit to files inside/tmp, which is meaningless (sticky bit only matters on directories). Replaced withfind /tmp -type d -exec chmod 1777 {} +.Hardcoded
/tmpin cookie-import (Cross-platform: hardcoded /tmp in cookie-import-browser.ts #708):browse/src/cookie-import-browser.tsused a hardcoded/tmppath instead ofos.tmpdir(). On macOS,os.tmpdir()returns a per-user temp directory (/var/folders/...), which is actually a security improvement (mode 700 vs world-writable).Pre-Landing Review
No issues found.
Test plan
bun testpasses (all tiers)git ls-files bin/gstack-global-discoverreturns emptygrep -r 'B=~/' *.mdunaffected (tilde fix deferred, see below)Notes
scripts/resolvers/types.tsinto a declarative host config system. Our tilde fix would target lines that feat: declarative multi-host platform + OpenCode, Slate, Cursor, OpenClaw (v0.15.5.0) #793 deletes. Revisit after feat: declarative multi-host platform + OpenCode, Slate, Cursor, OpenClaw (v0.15.5.0) #793 lands.openDbFromCopy()error path (line 410) only cleans uptmpPathbut not WAL/SHM files on failure. Pre-existing, not introduced by this change.🤖 Generated with Claude Code