fix(sensor-proxy): fix remaining unsafe config writers

1. Self-heal script: Add BINARY_PATH variable so CLI migration actually runs - Previously logged "Binary not available" and skipped migration 2. migrate-sensor-proxy-control-plane.sh: Use atomic write (temp + rename) - Prevents partial writes if script is interrupted - Reduces race window with running service These were the remaining gaps identified by Codex review. NOTE: migrate-sensor-proxy-control-plane.sh still uses Python manipulation instead of the Phase 2 CLI, but as a one-time migration script for upgrades from v4.31, the atomic write provides sufficient protection. Future versions can deprecate this script entirely.
2026-02-18 00:17:39 +01:00 · 2025-11-19 10:59:54 +00:00
parent d554c9dbb2
commit d6084e29dd
2 changed files with 24 additions and 10 deletions
--- a/scripts/install-sensor-proxy.sh
+++ b/scripts/install-sensor-proxy.sh
@@ -3094,6 +3094,7 @@ else
 set -euo pipefail

 SERVICE="pulse-sensor-proxy"
+BINARY_PATH="/opt/pulse/sensor-proxy/bin/pulse-sensor-proxy"
 INSTALLER="/opt/pulse/sensor-proxy/install-sensor-proxy.sh"
 CTID_FILE="/etc/pulse-sensor-proxy/ctid"
 PENDING_FILE="/etc/pulse-sensor-proxy/pending-control-plane.env"
--- a/scripts/migrate-sensor-proxy-control-plane.sh
+++ b/scripts/migrate-sensor-proxy-control-plane.sh
@@ -92,14 +92,20 @@ echo "$CONTROL_TOKEN" > "$TOKEN_FILE"
 chmod 600 "$TOKEN_FILE"
 chown pulse-sensor-proxy:pulse-sensor-proxy "$TOKEN_FILE"

-remove_control_block() {
-    python3 - "$CONFIG_FILE" <<'PY'
+update_config_atomically() {
+    # Phase 2: Use atomic write to prevent corruption
+    local temp_file
+    temp_file=$(mktemp)
+
+    # Remove old control plane blocks and add new one atomically
+    python3 - "$CONFIG_FILE" "$temp_file" <<'PY'
 from pathlib import Path
 import sys
-path = Path(sys.argv[1])
-if not path.exists():
+config_path = Path(sys.argv[1])
+temp_path = Path(sys.argv[2])
+if not config_path.exists():
    sys.exit(0)
-lines = path.read_text().splitlines(keepends=True)
+lines = config_path.read_text().splitlines(keepends=True)
 result = []
 i = 0
 while i < len(lines):
@@ -116,13 +122,11 @@ while i < len(lines):
        continue
    result.append(line)
    i += 1
-path.write_text("".join(result))
+temp_path.write_text("".join(result))
 PY
-}

-log "Updating config..."
-remove_control_block
-cat >> "$CONFIG_FILE" <<EOF
+    # Append new control plane config
+    cat >> "$temp_file" <<EOF

 # Pulse control plane configuration (added by migrate-sensor-proxy-control-plane.sh)
 pulse_control_plane:
@@ -131,6 +135,15 @@ pulse_control_plane:
  refresh_interval: $REFRESH_INTERVAL
 EOF

+    # Atomic rename
+    mv "$temp_file" "$CONFIG_FILE"
+    chmod 644 "$CONFIG_FILE"
+    chown pulse-sensor-proxy:pulse-sensor-proxy "$CONFIG_FILE" 2>/dev/null || true
+}
+
+log "Updating config..."
+update_config_atomically
+
 if [[ "$SKIP_RESTART" == false ]]; then
    log "Restarting pulse-sensor-proxy..."
    systemctl restart pulse-sensor-proxy