scripts/diffcheck.sh: Use secure temp files and git archive for better safety #1924

maradini77 wants to merge 1 commit into bitcoin:master from maradini77:master, changing 1 file (+17 −5)
  1. maradini77 commented at 9:54 am on August 10, 2025: none

    Summary

    Refactor scripts/diffcheck.sh to improve security and reliability by replacing fixed /tmp paths with secure temporary directories and avoiding destructive git checkout.

    Changes

    • Secure temp files: Use mktemp -d with automatic cleanup via trap instead of hardcoded /tmp paths
    • Non-destructive git operations: Replace git checkout HEAD^ with git archive to avoid modifying working tree state
  2. Update diffcheck.sh fb7c7223c4
  3. jonatack added the label CI on Aug 12, 2025
  4. jonatack commented at 8:47 pm on August 12, 2025: member
    LGTM, but I’m not a bash expert. Pinging file authors @kallewoof @achow101 for feedback.
  5. kallewoof commented at 11:42 pm on August 12, 2025: contributor

    I didn’t really write that code. The reason I’m on blame is because of the move that happened in #1432.

    That said, this PR seems to unnecessarily complicate things. This script is meant to be run in Github Actions. It’s not meant to be run by users, and doesn’t need “better safety”. I have no strong opinion on the subject though so if others think this is useful, go ahead.
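
The two changes listed in the PR description (a `mktemp -d` directory cleaned up by a `trap`, and `git archive` in place of `git checkout HEAD^`), shown together as an added example that is not part of this thread, the PR's diff, or the repository's script. The function name `diff_against_rev` and its arguments are hypothetical.

```bash
#!/usr/bin/env bash
# Added example. diff_against_rev and its arguments are hypothetical names,
# not taken from scripts/diffcheck.sh.
# Usage after sourcing: diff_against_rev <repo> <rev> <file>

# Print a unified diff of FILE between commit REV and the working tree of REPO.
# Exit status follows diff: 0 = identical, 1 = differs, 2 = error.
# The body is a subshell "( ... )", so the EXIT trap fires when the function
# returns and cannot clobber a trap already set by the caller.
diff_against_rev() (
    repo=$1 rev=$2 file=$3

    # Reject an unknown revision before starting the pipeline below, whose
    # exit status would otherwise be tar's, not git's.
    git -C "$repo" rev-parse --verify --quiet "$rev^{commit}" >/dev/null || exit 2

    # mktemp -d creates a new mode-0700 directory with an unpredictable name.
    # A fixed /tmp path can be pre-created or symlinked by another local user
    # and collides between concurrent runs.
    tmp=$(mktemp -d) || exit 2
    trap 'rm -rf -- "$tmp"' EXIT

    # git archive reads the tree from the object database; unlike
    # "git checkout HEAD^" it leaves HEAD, the index and the working tree alone.
    git -C "$repo" archive --format=tar "$rev" | tar -xf - -C "$tmp" || exit 2

    diff -u "$tmp/$file" "$repo/$file"
)
```

Because the snapshot is taken without moving HEAD, a failure partway through leaves the checkout exactly as it was found.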


github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bips. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-08-19 23:10 UTC
