scripts/diffcheck.sh: Use secure temp files and git archive for better safety #1924

pull maradini77 wants to merge 1 commits into bitcoin:master from maradini77:master changing 1 files +17 −5
  1. maradini77 commented at 9:54 am on August 10, 2025: none

    Summary

    Refactor scripts/diffcheck.sh to improve security and reliability by replacing fixed /tmp paths with secure temporary directories and avoiding destructive git checkout.

    Changes

    • Secure temp files: Use mktemp -d with automatic cleanup via trap instead of hardcoded /tmp paths
    • Non-destructive git operations: Replace git checkout HEAD^ with git archive to avoid modifying working tree state
  2. Update diffcheck.sh fb7c7223c4
  3. jonatack added the label CI on Aug 12, 2025
  4. jonatack commented at 8:47 pm on August 12, 2025: member
    LGTM, but I’m not a bash expert. Pinging file authors @kallewoof @achow101 for feedback.
  5. kallewoof commented at 11:42 pm on August 12, 2025: contributor

    I didn’t really write that code. The reason I’m on blame is because of the move that happened in #1432.

    That said, this PR seems to unnecessarily complicate things. This script is meant to be run in Github Actions. It’s not meant to be run by users, and doesn’t need “better safety”. I have no strong opinion on the subject though so if others think this is useful, go ahead.

  6. jonatack commented at 2:42 pm on August 13, 2025: member
    Thank you for the feedback @kallewoof.
  7. maradini77 requested review from jonatack on Sep 9, 2025
  8. in scripts/diffcheck.sh:17 in fb7c7223c4 
    17+# Build table from current working tree and compute diff
18+scripts/buildtable.pl >"$table_file" 2>/dev/null
19+diff README.mediawiki "$table_file" | grep '^[<>] |' >"$after_diff" || true
20+
21+# Build table from previous commit without altering the working tree
22+if git archive --format=tar HEAD^ | tar -x -C "$prev_dir" && perl "$prev_dir/scripts/buildtable.pl" >"$table_prev_file" 2>/dev/null; then
    katesalazar commented at 11:19 am on September 29, 2025:
    Does this run the previous rev script with the current rev contents?


maradini77 jonatack kallewoof katesalazar


jonatack

Labels
CI

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bips. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-11-17 18:10 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me