Fix sorting logic and clean up redundant conditionals #6
Open
assisted-by-ai wants to merge 3 commits into Kicksecure:master from
- Fix empty mount list edge case in live-hardener where readarray on an
empty here-string creates a ghost array element, causing harden_mounts
to attempt operations on an empty mount path
- Fix inconsistent grub_distributor_appendix text between 10_20_linux_live
("disposable use") and 10_60_linux_live_advanced ("For disposable use")
- Remove dead conditional branches in both GRUB scripts where all
if/elif/else branches assigned GRUB_DISTRIBUTOR to the same value
- Use $* instead of $@ in 45_debugging output() to avoid
implementation-defined behavior when embedded in a double-quoted string
https://claude.ai/code/session_01WHDK9nRRjJnnUtUUBswH1D
- Fix ghost empty first element in proc_mount_path_list (and sibling arrays): the while loop in populate_proc_mount_lists appends a trailing newline to proc_mount_annotated_str, and the here-string adds another; sort sees the resulting empty line and places it first in C locale, creating a spurious empty element at index 0. Fix by stripping the trailing newline before sorting.
- Fix ghost empty entry in lsblk_path_list when parsing multi-mount devices: lsblk encodes newline-separated mount paths with trailing \x0a, which after printf %b decoding and readarray via here-string produces a trailing empty array element. Fix by skipping empty entries in the lsblk path loop.
- Fix misleading comment that described STX as having the "second-highest sorting order" in C locale; STX (0x02) actually has one of the lowest byte values, meaning it sorts earliest.
https://claude.ai/code/session_01WHDK9nRRjJnnUtUUBswH1D
- Fix comment that says slashes are replaced with "SOH" when the code actually uses STX (ascii_stx). SOH is used as the decorator/line separator, not for slash replacement.
- Remove duplicate variable declarations in get_mount_list_to_harden: submount_dir was declared on lines 253 and 254, and allow_hide_submounts was declared twice on line 254.
- Add missing early break in the nooverlay filesystem check: when skip_dir_overlay is set to 'true' by the inner loop, only the inner loop breaks; the outer loop over proc_mount_path_list continues iterating needlessly over all remaining mount entries.
https://claude.ai/code/session_01WHDK9nRRjJnnUtUUBswH1D
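The ghost-element behaviour described in the commit messages above, reproduced as an added bash example (not code from live-hardener or from this PR). Function names and sample paths are constructed; the fixes mirror the ones the messages name: an emptiness guard, stripping the trailing newline before sort, and skipping empty entries.

```bash
#!/bin/bash
# Added illustration (constructed names and paths). Needs bash: re-exec if not.
[ -n "${BASH_VERSION:-}" ] || exec bash "$0" "$@"

# A here-string always appends "\n": empty input still yields one empty element.
count_naive() {
  local arr
  readarray -t arr <<< "$1"
  printf '%s\n' "${#arr[@]}"
}

# Builds "item\n" per entry like an appending loop, sorts in C locale and prints
# "<element count>|<first element>". The extra "\n" from the here-string makes
# sort see an empty line, which sorts before every path.
sorted_naive() {
  local item str='' sorted arr
  for item in "$@"; do str+="${item}"$'\n'; done
  sorted="$(LC_ALL=C sort <<< "${str}")"
  readarray -t arr <<< "${sorted}"
  printf '%s|%s\n' "${#arr[@]}" "${arr[0]}"
}

# Hardened: strip the trailing newline first; skip readarray when nothing is left.
sorted_fixed() {
  local item str='' sorted arr=()
  for item in "$@"; do str+="${item}"$'\n'; done
  str="${str%$'\n'}"
  if [ -n "${str}" ]; then
    sorted="$(LC_ALL=C sort <<< "${str}")"
    readarray -t arr <<< "${sorted}"
  fi
  printf '%s|%s\n' "${#arr[@]}" "${arr[0]-}"
}

# lsblk-style field with "\x0a" escapes (constructed). Decoding leaves a trailing
# newline, so empty entries are skipped; prints "<raw elements>|<usable paths>".
count_decoded_paths() {
  local decoded arr path n=0
  printf -v decoded '%b' "$1"
  readarray -t arr <<< "${decoded}"
  for path in "${arr[@]}"; do
    [ -n "${path}" ] || continue
    n=$(( n + 1 ))
  done
  printf '%s|%s\n' "${#arr[@]}" "${n}"
}

sorted_naive '/home' '/boot' '/'   # 4|   (ghost element at index 0)
sorted_fixed '/home' '/boot' '/'   # 3|/
```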
ArrayBolt3 reviewed Apr 14, 2026
ArrayBolt3 left a comment
Accepted in ArrayBolt3@1fb6160 with an added comment and a couple of string changes.
| else | ||
| GRUB_DISTRIBUTOR="$grub_distributor_appendix" | ||
| fi | ||
| grub_distributor_appendix="LIVE Mode | USER Session | For disposable use" |
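Review bot: On the last line of this hunk, the grub_distributor_appendix value settles the wording mismatch between the two GRUB scripts by using "For disposable use" here, but the commit message only says the two strings differed, not which wording is intended; confirm the canonical wording before changing this string. Because 10_20_linux_live and 10_60_linux_live_advanced each keep their own copy of the string, consider defining it once in a file both scripts source, so the two cannot drift apart again.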
"For" should not be added to "disposable use". (It was mistakenly present in a different script in this repo, which is probably why Claude decided to add it here.)
Summary
This PR fixes several bugs and improves code clarity across the grub-live hardening scripts and GRUB configuration files.
Key Changes
usr/libexec/grub-live/live-hardener:
- proc_mount_annotated_str to prevent sort from creating ghost empty elements
- allow_hide_submounts in local variable list
- lsblk_raw_path_list caused by trailing newline escapes
- overlay_mount_list_str is empty to avoid unnecessary processing
- skip_dir_overlay is true to prevent redundant directory traversal
etc/grub.d/10_20_linux_live and etc/grub.d/10_60_linux_live_advanced:
- GRUB_DISTRIBUTOR assignment to directly use grub_distributor_appendix instead of conditional checks
etc/grub.d/45_debugging:
- $@ to $* for proper quoting behavior
Notable Implementation Details
https://claude.ai/code/session_01WHDK9nRRjJnnUtUUBswH1D