mirror of
https://github.com/tw93/Mole.git
synced 2026-02-04 21:29:42 +00:00
Optimize supports setting whitelist
This commit is contained in:
Tw93
@@ -30,6 +30,8 @@ list_login_items() {
|
||||
# ============================================================================
|
||||
|
||||
check_touchid_sudo() {
|
||||
# Check whitelist
|
||||
if command -v is_whitelisted >/dev/null && is_whitelisted "check_touchid"; then return; fi
|
||||
# Check if Touch ID is configured for sudo
|
||||
local pam_file="/etc/pam.d/sudo"
|
||||
if [[ -f "$pam_file" ]] && grep -q "pam_tid.so" "$pam_file" 2> /dev/null; then
|
||||
@@ -53,6 +55,8 @@ check_touchid_sudo() {
|
||||
}
|
||||
|
||||
check_rosetta() {
|
||||
# Check whitelist
|
||||
if command -v is_whitelisted >/dev/null && is_whitelisted "check_rosetta"; then return; fi
|
||||
# Check Rosetta 2 (for Apple Silicon Macs)
|
||||
if [[ "$(uname -m)" == "arm64" ]]; then
|
||||
if [[ -f "/Library/Apple/usr/share/rosetta/rosetta" ]]; then
|
||||
@@ -65,6 +69,8 @@ check_rosetta() {
|
||||
}
|
||||
|
||||
check_git_config() {
|
||||
# Check whitelist
|
||||
if command -v is_whitelisted >/dev/null && is_whitelisted "check_git_config"; then return; fi
|
||||
# Check basic Git configuration
|
||||
if command -v git > /dev/null 2>&1; then
|
||||
local git_name=$(git config --global user.name 2> /dev/null || echo "")
|
||||
@@ -89,6 +95,8 @@ check_all_config() {
|
||||
# ============================================================================
|
||||
|
||||
check_filevault() {
|
||||
# Check whitelist
|
||||
if command -v is_whitelisted >/dev/null && is_whitelisted "check_filevault"; then return; fi
|
||||
# Check FileVault encryption status
|
||||
if command -v fdesetup > /dev/null 2>&1; then
|
||||
local fv_status=$(fdesetup status 2> /dev/null || echo "")
|
||||
@@ -102,6 +110,8 @@ check_filevault() {
|
||||
}
|
||||
|
||||
check_firewall() {
|
||||
# Check whitelist
|
||||
if command -v is_whitelisted >/dev/null && is_whitelisted "firewall"; then return; fi
|
||||
# Check firewall status
|
||||
unset FIREWALL_DISABLED
|
||||
local firewall_status=$(defaults read /Library/Preferences/com.apple.alf globalstate 2> /dev/null || echo "0")
|
||||
@@ -116,6 +126,8 @@ check_firewall() {
|
||||
}
|
||||
|
||||
check_gatekeeper() {
|
||||
# Check whitelist
|
||||
if command -v is_whitelisted >/dev/null && is_whitelisted "gatekeeper"; then return; fi
|
||||
# Check Gatekeeper status
|
||||
if command -v spctl > /dev/null 2>&1; then
|
||||
local gk_status=$(spctl --status 2> /dev/null || echo "")
|
||||
@@ -132,6 +144,8 @@ check_gatekeeper() {
|
||||
}
|
||||
|
||||
check_sip() {
|
||||
# Check whitelist
|
||||
if command -v is_whitelisted >/dev/null && is_whitelisted "check_sip"; then return; fi
|
||||
# Check System Integrity Protection
|
||||
if command -v csrutil > /dev/null 2>&1; then
|
||||
local sip_status=$(csrutil status 2> /dev/null || echo "")
|
||||
@@ -194,6 +208,8 @@ is_cache_valid() {
|
||||
}
|
||||
|
||||
check_homebrew_updates() {
|
||||
# Check whitelist
|
||||
if command -v is_whitelisted >/dev/null && is_whitelisted "check_brew_updates"; then return; fi
|
||||
if ! command -v brew > /dev/null 2>&1; then
|
||||
return
|
||||
fi
|
||||
@@ -320,6 +336,8 @@ check_appstore_updates() {
|
||||
}
|
||||
|
||||
check_macos_update() {
|
||||
# Check whitelist
|
||||
if command -v is_whitelisted >/dev/null && is_whitelisted "check_macos_updates"; then return; fi
|
||||
local spinner_started=false
|
||||
if [[ -t 1 ]]; then
|
||||
printf " Checking macOS updates...\r"
|
||||
@@ -523,6 +541,8 @@ check_memory_usage() {
|
||||
}
|
||||
|
||||
check_login_items() {
|
||||
# Check whitelist
|
||||
if command -v is_whitelisted >/dev/null && is_whitelisted "check_login_items"; then return; fi
|
||||
local login_items_count=0
|
||||
local -a login_items_list=()
|
||||
|
||||
@@ -640,6 +660,8 @@ check_swap_usage() {
|
||||
}
|
||||
|
||||
check_brew_health() {
|
||||
# Check whitelist
|
||||
if command -v is_whitelisted >/dev/null && is_whitelisted "check_brew_health"; then return; fi
|
||||
# Check Homebrew doctor
|
||||
if command -v brew > /dev/null 2>&1; then
|
||||
# Show spinner while running brew doctor
|
||||
|
||||
@@ -68,6 +68,13 @@ declare -a DEFAULT_WHITELIST_PATTERNS=(
|
||||
"$FINDER_METADATA_SENTINEL"
|
||||
)
|
||||
|
||||
declare -a DEFAULT_OPTIMIZE_WHITELIST_PATTERNS=(
|
||||
"check_brew_updates"
|
||||
"check_brew_health"
|
||||
"check_touchid"
|
||||
"check_git_config"
|
||||
)
|
||||
|
||||
# ============================================================================
|
||||
# BSD Stat Compatibility
|
||||
# ============================================================================
|
||||
|
||||
@@ -9,8 +9,9 @@ _MOLE_MANAGE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
source "$_MOLE_MANAGE_DIR/../core/common.sh"
|
||||
source "$_MOLE_MANAGE_DIR/../ui/menu_simple.sh"
|
||||
|
||||
# Config file path
|
||||
WHITELIST_CONFIG="$HOME/.config/mole/whitelist"
|
||||
# Config file paths
|
||||
readonly WHITELIST_CONFIG_CLEAN="$HOME/.config/mole/whitelist"
|
||||
readonly WHITELIST_CONFIG_OPTIMIZE="$HOME/.config/mole/whitelist_checks"
|
||||
|
||||
# Default whitelist patterns defined in lib/core/common.sh:
|
||||
# - DEFAULT_WHITELIST_PATTERNS
|
||||
@@ -18,15 +19,25 @@ WHITELIST_CONFIG="$HOME/.config/mole/whitelist"
|
||||
|
||||
# Save whitelist patterns to config
|
||||
save_whitelist_patterns() {
|
||||
local mode="$1"
|
||||
shift
|
||||
local -a patterns
|
||||
patterns=("$@")
|
||||
mkdir -p "$(dirname "$WHITELIST_CONFIG")"
|
||||
|
||||
local config_file
|
||||
local header_text
|
||||
|
||||
cat > "$WHITELIST_CONFIG" << 'EOF'
|
||||
# Mole Whitelist - Protected paths won't be deleted
|
||||
# Default protections: Playwright browsers, HuggingFace models, Maven repo, Ollama models, Surge Mac, R renv, Finder metadata
|
||||
# Add one pattern per line to keep items safe.
|
||||
EOF
|
||||
if [[ "$mode" == "optimize" ]]; then
|
||||
config_file="$WHITELIST_CONFIG_OPTIMIZE"
|
||||
header_text="# Mole Optimization Whitelist - These checks will be skipped during optimization"
|
||||
else
|
||||
config_file="$WHITELIST_CONFIG_CLEAN"
|
||||
header_text="# Mole Whitelist - Protected paths won't be deleted\n# Default protections: Playwright browsers, HuggingFace models, Maven repo, Ollama models, Surge Mac, R renv, Finder metadata\n# Add one pattern per line to keep items safe."
|
||||
fi
|
||||
|
||||
mkdir -p "$(dirname "$config_file")"
|
||||
|
||||
echo -e "$header_text" > "$config_file"
|
||||
|
||||
if [[ ${#patterns[@]} -gt 0 ]]; then
|
||||
local -a unique_patterns=()
|
||||
@@ -45,9 +56,9 @@ EOF
|
||||
done
|
||||
|
||||
if [[ ${#unique_patterns[@]} -gt 0 ]]; then
|
||||
printf '\n' >> "$WHITELIST_CONFIG"
|
||||
printf '\n' >> "$config_file"
|
||||
for pattern in "${unique_patterns[@]}"; do
|
||||
echo "$pattern" >> "$WHITELIST_CONFIG"
|
||||
echo "$pattern" >> "$config_file"
|
||||
done
|
||||
fi
|
||||
fi
|
||||
@@ -128,6 +139,24 @@ EOF
|
||||
echo "Finder metadata (.DS_Store)|$FINDER_METADATA_SENTINEL|system_cache"
|
||||
}
|
||||
|
||||
# Get all optimize items with their patterns
|
||||
get_optimize_whitelist_items() {
|
||||
# Format: "display_name|pattern|category"
|
||||
cat << 'EOF'
|
||||
macOS Firewall check|firewall|security_check
|
||||
Gatekeeper check|gatekeeper|security_check
|
||||
Homebrew updates check|check_brew_updates|update_check
|
||||
macOS system updates check|check_macos_updates|update_check
|
||||
Homebrew health check (doctor)|check_brew_health|health_check
|
||||
SIP status check|check_sip|security_check
|
||||
FileVault status check|check_filevault|security_check
|
||||
TouchID sudo check|check_touchid|config_check
|
||||
Rosetta 2 check|check_rosetta|config_check
|
||||
Git configuration check|check_git_config|config_check
|
||||
Login items check|check_login_items|config_check
|
||||
EOF
|
||||
}
|
||||
|
||||
patterns_equivalent() {
|
||||
local first="${1/#~/$HOME}"
|
||||
local second="${2/#~/$HOME}"
|
||||
@@ -138,9 +167,17 @@ patterns_equivalent() {
|
||||
}
|
||||
|
||||
load_whitelist() {
|
||||
local mode="${1:-clean}"
|
||||
local -a patterns=()
|
||||
local config_file
|
||||
|
||||
if [[ -f "$WHITELIST_CONFIG" ]]; then
|
||||
if [[ "$mode" == "optimize" ]]; then
|
||||
config_file="$WHITELIST_CONFIG_OPTIMIZE"
|
||||
else
|
||||
config_file="$WHITELIST_CONFIG_CLEAN"
|
||||
fi
|
||||
|
||||
if [[ -f "$config_file" ]]; then
|
||||
while IFS= read -r line; do
|
||||
# shellcheck disable=SC2295
|
||||
line="${line#"${line%%[![:space:]]*}"}"
|
||||
@@ -148,9 +185,13 @@ load_whitelist() {
|
||||
line="${line%"${line##*[![:space:]]}"}"
|
||||
[[ -z "$line" || "$line" =~ ^# ]] && continue
|
||||
patterns+=("$line")
|
||||
done < "$WHITELIST_CONFIG"
|
||||
done < "$config_file"
|
||||
else
|
||||
patterns=("${DEFAULT_WHITELIST_PATTERNS[@]}")
|
||||
if [[ "$mode" == "clean" ]]; then
|
||||
patterns=("${DEFAULT_WHITELIST_PATTERNS[@]}")
|
||||
elif [[ "$mode" == "optimize" ]]; then
|
||||
patterns=("${DEFAULT_OPTIMIZE_WHITELIST_PATTERNS[@]}")
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ ${#patterns[@]} -gt 0 ]]; then
|
||||
@@ -193,12 +234,15 @@ is_whitelisted() {
|
||||
}
|
||||
|
||||
manage_whitelist() {
|
||||
manage_whitelist_categories
|
||||
local mode="${1:-clean}"
|
||||
manage_whitelist_categories "$mode"
|
||||
}
|
||||
|
||||
manage_whitelist_categories() {
|
||||
local mode="$1"
|
||||
|
||||
# Load currently enabled patterns from both sources
|
||||
load_whitelist
|
||||
load_whitelist "$mode"
|
||||
|
||||
# Build cache items list
|
||||
local -a cache_items=()
|
||||
@@ -206,6 +250,21 @@ manage_whitelist_categories() {
|
||||
local -a menu_options=()
|
||||
local index=0
|
||||
|
||||
# Choose source based on mode
|
||||
local items_source
|
||||
local menu_title
|
||||
local active_config_file
|
||||
|
||||
if [[ "$mode" == "optimize" ]]; then
|
||||
items_source=$(get_optimize_whitelist_items)
|
||||
menu_title="Whitelist Manager – Select system checks to ignore"
|
||||
active_config_file="$WHITELIST_CONFIG_OPTIMIZE"
|
||||
else
|
||||
items_source=$(get_all_cache_items)
|
||||
menu_title="Whitelist Manager – Select caches to protect"
|
||||
active_config_file="$WHITELIST_CONFIG_CLEAN"
|
||||
fi
|
||||
|
||||
while IFS='|' read -r display_name pattern _; do
|
||||
# Expand $HOME in pattern
|
||||
pattern="${pattern/\$HOME/$HOME}"
|
||||
@@ -215,7 +274,7 @@ manage_whitelist_categories() {
|
||||
menu_options+=("$display_name")
|
||||
|
||||
((index++)) || true
|
||||
done < <(get_all_cache_items)
|
||||
done <<< "$items_source"
|
||||
|
||||
# Identify custom patterns (not in predefined list)
|
||||
local -a custom_patterns=()
|
||||
@@ -280,7 +339,7 @@ manage_whitelist_categories() {
|
||||
fi
|
||||
|
||||
MOLE_SELECTION_RESULT=""
|
||||
paginated_multi_select "Whitelist Manager – Select caches to protect" "${menu_options[@]}"
|
||||
paginated_multi_select "$menu_title" "${menu_options[@]}"
|
||||
unset MOLE_PRESELECTED_INDICES
|
||||
local exit_code=$?
|
||||
|
||||
@@ -318,9 +377,9 @@ manage_whitelist_categories() {
|
||||
|
||||
# Save to whitelist config (bash 3.2 + set -u safe)
|
||||
if [[ ${#all_patterns[@]} -gt 0 ]]; then
|
||||
save_whitelist_patterns "${all_patterns[@]}"
|
||||
save_whitelist_patterns "$mode" "${all_patterns[@]}"
|
||||
else
|
||||
save_whitelist_patterns
|
||||
save_whitelist_patterns "$mode"
|
||||
fi
|
||||
|
||||
local total_protected=$((${#selected_patterns[@]} + ${#custom_patterns[@]}))
|
||||
@@ -331,7 +390,7 @@ manage_whitelist_categories() {
|
||||
else
|
||||
summary_lines+=("Protected ${total_protected} cache(s)")
|
||||
fi
|
||||
summary_lines+=("Saved to ${WHITELIST_CONFIG}")
|
||||
summary_lines+=("Saved to ${active_config_file}")
|
||||
|
||||
print_summary_block "${summary_lines[@]}"
|
||||
printf '\n'
|
||||
|
||||
Reference in New Issue
Block a user