clawdie/clawdie-iso
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: atomic write of provider.env in enable-mother #144

Merged
clawdie merged 1 commit from fix/atomic-provider-env into main 2026-06-25 14:07:41 +02:00
Conversation 0 Commits 1 Files changed 2 +7 -4
clawdie commented 2026-06-25 14:07:25 +02:00
Owner
Copy link

Step 4 of clawdie-enable-mother.sh rewrote provider.env in place with
cat "$tmp" >"$f", which truncates the live secrets file before
streaming the new content. A crash, signal, disk-full, or concurrent
read during that window leaves provider.env empty or partial — and the
colibri_daemon prestart sources it for the provider key + BW_* creds.

Switch to the write-temp-then-rename pattern already used for
external-mcp.json in step 3: mktemp in provider.env's own directory (so
the rename stays on one filesystem and is atomic), chmod 0600 before the
swap, then mv. A reader now always sees a complete file, old or new.

Also add jq to the disk-install extras so disk-deployed hosts can run
the script post-deploy (step 3 hard-requires jq; the live image already
ships it).

Co-Authored-By: Claude Opus 4.8 noreply@anthropic.com

Step 4 of clawdie-enable-mother.sh rewrote provider.env in place with `cat "$tmp" >"$f"`, which truncates the live secrets file before streaming the new content. A crash, signal, disk-full, or concurrent read during that window leaves provider.env empty or partial — and the colibri_daemon prestart sources it for the provider key + BW_* creds. Switch to the write-temp-then-rename pattern already used for external-mcp.json in step 3: mktemp in provider.env's own directory (so the rename stays on one filesystem and is atomic), chmod 0600 before the swap, then mv. A reader now always sees a complete file, old or new. Also add jq to the disk-install extras so disk-deployed hosts can run the script post-deploy (step 3 hard-requires jq; the live image already ships it). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
clawdie added 1 commit 2026-06-25 14:07:28 +02:00 
Step 4 of clawdie-enable-mother.sh rewrote provider.env in place with
`cat "$tmp" >"$f"`, which truncates the live secrets file before
streaming the new content. A crash, signal, disk-full, or concurrent
read during that window leaves provider.env empty or partial — and the
colibri_daemon prestart sources it for the provider key + BW_* creds.

Switch to the write-temp-then-rename pattern already used for
external-mcp.json in step 3: mktemp in provider.env's own directory (so
the rename stays on one filesystem and is atomic), chmod 0600 before the
swap, then mv. A reader now always sees a complete file, old or new.

Also add jq to the disk-install extras so disk-deployed hosts can run
the script post-deploy (step 3 hard-requires jq; the live image already
ships it).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
clawdie merged commit c76345cd29 into main 2026-06-25 14:07:41 +02:00
clawdie deleted branch fix/atomic-provider-env 2026-06-25 14:07:42 +02:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: clawdie/clawdie-iso#144
No description provided.
Delete branch "fix/atomic-provider-env"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?