1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
---
title: "Safeguarding git repos against accidental rm"
date: 2015-12-08T00:17:39-08:00
date_display: December 8, 2015
...
Everyone who has spent a sizable portion of their life in terminals has experienced that "oh shit" moment: you realize what you've done immediately after you've hit enter, but it's already too late. And needlessly to say, many of those are associated to accidental `rm`s.
I just had one of those moments. I was going to delete a subdirectory of `~/.config`, but hit return prematurely, and the command line ended up being `rm -r ~/.config`. Imagine the horror one second later. Fortunately I was saved by the read-only objects in `.git`, which triggered prompts; however, damage was already done, to some extent. I had to reinit the repo and do a hard reset, and a corrupted submodule was in my way (it blocked my attempt of `git reset --hard`) which I eventually had to completely remove and re-add. In the end everything was recovered (hopefully) and back to normal, but this episode was definitely not great for heart health, which led me to rethink `rm`.
I've tried several safer `rm` solutions before. The first and obvious is to alias `rm` to `rm -i`, but having to answer dozens of prompts a day (or more) is agonizing and unproductive. I've also tried trashing, but a nonempty trash can makes me sick, so not for me either. I also used `safe-rm` for a couple of months, but without supplying my own blacklist (I have none to be blacklisted), I've never hit the default blacklist; apparently I'm not stupid enough to mess in system locations, so this won't really help much. Fortunately though, this time I might have found a very good solution for myself.
The idea is to protect all git repos. Git repos[^repo] are among the most valuable assets of programmers, and they have the nice property of not being completely removable without `-f` or `--force` (the work tree of a submodule, where `.git` is a regular file containing the relative path of the git dir, can be removed without `--force`, but we don't want to damage submodules anyway, so let's not single them out). It's unlikely that we would intend to remove a repo directory without specifying `-f` or `--force`, so let's just reject all such `rm` calls.
The wrapper is very easy to write. Here's one implementation for Zsh with support for both GNU coreutils and BSD `rm`.
[^repo]: In this article, "repo" stands for the work tree of a repo, unless otherwise noted; the actual repo with git objects is referred to as "git dir".
```zsh
rm () {
setopt localoptions noshwordsplit noksharrays
local args_backup force node
set -A args_backup $@
while :; do
case $1 in
--force|-*f*) force=1 && shift;;
--) shift && break;;
-*) shift;;
*) break;;
esac
done
for node; do
# -f, --force hasn't been specified && node is a git repo
[[ -z $force && -e $node/.git ]] && {
printf "\e[31m'%s' is a git repo -- won't remove without the -f or --force option\e[0m\n" $node
return 1
}
done
command rm $args_backup
}
```
Personally, I stick it into a [Prezto module](https://github.com/zmwangx/prezto/tree/master/modules/rm_guard) available from my fork. Hopefully it will serve me well this time round.
|
