fix(aztec-up): add truncation protection to install scripts #21896
Merged
nchamo merged 1 commit into merge-train/fairies from Mar 24, 2026
AztecBot pushed a commit that referenced this pull request Mar 24, 2026
Collaborator
✅ Successfully backported to backport-to-v4-next-staging #21899.
AztecBot added a commit that referenced this pull request Mar 25, 2026
BEGIN_COMMIT_OVERRIDE
fix(aztec-up): narrow PATH cleanup regex to avoid removing user PATH entries (#21828)
fix: consolidate blob source test into single summary log with supernode detection (#21719)
fix: use anchor block on getL1ToL2MsgWitness (#21872)
fix: make sure queries are not made ahead of the anchor block (#21874)
chore(docs): backport docs infrastructure changes to v4 (#21437)
chore: backport PR #21836 (fix: explicitly handle initial block case for getBlockHashMembershipWitness) to v4-next (#21891)
chore: backport PR #21813 (fix(aztec-up): strip leading v prefix from version strings) to v4-next (#21912)
docs: document defi-wonderland immutable macro (#21764)
fix: pin typescript and harden lockfile check in docs examples CI (v4 backport) (#21914)
docs: expand circuit profiling guide and document kernel gate cost overhead (#21770)
feat: cli-wallet (#21757)
chore: sync backport staging with v4-next HEAD (#21931)
fix: bot gas estimations (backport #21945) (#21947)
refactor(aztec-nr): use logging wrappers in compute_note_hash_and_nullifier (#21897)
fix: backport v4 next staging (#21934)
fix: make PXE#getSyncedBlockHeader a concurrency=1 job to prevent IDB tx liveness issues (#21944)
feat: add error page mapping for incompatible oracles (#21943)
fix(aztec-up): validate semver in uninstall to prevent path traversal (#21892)
chore: merge v4-next into backport staging (fix ancestry) (#21954)
fix(aztec-up): add truncation protection to install scripts (#21896)
fix: noir format in compute_note_hash_and_nullifier.nr (#21956)
fix(stdlib): decode `EthAddress`, `FunctionSelector` and wrapped field structs in `AbiDecoder` (#21926)
chore: update noir to nightly-2026-02-12-patch.1 (#21960)
fix: ensure empty docs examples does not populate yarn lock backport (#21963)
fix: docs examples does not build on simple bootstrap backport (#21964)
fix: add rc/testnet version detection to API reference pages (#21966)
docs: document EmbeddedWallet automatic gas estimation and private authwits (#21790)
fix(pxe): robust error handling in message processing (backport #21093) (#21981)
chore: manually recreate backport (#21969)
chore: (A-779) load all accounts before calling LogService.#getSecretsForSenders (#21923)
END_COMMIT_OVERRIDE
github-merge-queue Bot pushed a commit that referenced this pull request Mar 25, 2026
BEGIN_COMMIT_OVERRIDE
fix: interactions clean up (#21933)
fix(stdlib): decode `EthAddress`, `FunctionSelector` and wrapped field structs in `AbiDecoder` (#21926)
fix: bot gas estimations (#21945)
refactor(aztec-nr): use logging wrappers in compute_note_hash_and_nullifier (#21897)
feat: add error page mapping for incompatible oracles (#21943)
fix(pxe): robust error handling in message processing (#21093)
fix: make PXE#getSyncedBlockHeader a concurrency=1 job to prevent IDB tx liveness issues (#21944)
fix(aztec-up): validate semver in uninstall to prevent path traversal (#21892)
fix(aztec-up): add truncation protection to install scripts (#21896)
feat!: scoped capsules (#21533)
END_COMMIT_OVERRIDE
Problem

The `install` and `aztec-install` scripts are both fetched and executed via `curl | bash` (e.g. `bash -i <(curl -s https://install.aztec.network)` for `aztec-install`, and `curl -fsSL "$install_url" | bash` in `aztec-up` line 163 for `install`).

When bash reads from a pipe, it processes input incrementally. If the download is truncated mid-stream (network drop, CDN timeout, partial response), bash can execute the portion it has already read, leaving the system in a broken or partially-configured state. For example, a truncated `install` script could create the version directory and download the versions manifest but never install the actual toolchain binaries, leaving users with a seemingly-installed but non-functional version.

`aztec-up` itself already has this protection (lines 4-6 and 496-498), but the two scripts it downloads and pipes to bash did not.

Fix

Wrapped both scripts in `{ ... exit; }`, the same pattern already used by `aztec-up`:

The `{}` grouping forces bash to read and parse the entire block before executing any of it. If the download is truncated, bash hits a parse error (unclosed `{`) and refuses to run anything. The explicit `exit` before `}` ensures the shell terminates cleanly and doesn't attempt to parse any trailing data.

Files changed:

`aztec-up` downloads and pipes to bash

Fixes F-481
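The parse-before-execute behaviour the description relies on can be reproduced locally. This is an added example, not code from the PR or from the aztec-up scripts; the two-step installer body, the marker files and the function names are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Constructed demo: what bash executes when a piped script loses its tail,
# with and without the { ...; exit; } wrapper.

# Emit a hypothetical two-step installer; each step leaves a marker file.
make_script() {   # $1 = wrapped|plain, $2 = directory for marker files
  if [ "$1" = wrapped ]; then echo '{'; fi
  printf 'touch "%s/step1"\n' "$2"
  printf 'touch "%s/step2"\n' "$2"
  if [ "$1" = wrapped ]; then printf 'exit\n}\n'; fi
}

# Pipe the script to bash with the last $2 bytes missing and print how many
# steps actually ran.
run_truncated() {   # $1 = wrapped|plain, $2 = bytes lost from the end
  local work size steps
  work=$(mktemp -d)
  mkdir "$work/state"
  make_script "$1" "$work/state" > "$work/installer.sh"
  size=$(wc -c < "$work/installer.sh")
  # Simulated network drop: bash only ever sees the first (size - $2) bytes.
  head -c "$((size - $2))" "$work/installer.sh" | bash 2>/dev/null || true
  steps=$(ls "$work/state" | wc -l | tr -d ' ')
  rm -rf "$work"
  echo "$steps"
}

echo "plain,   5 bytes lost: $(run_truncated plain 5) of 2 steps ran"
echo "wrapped, 5 bytes lost: $(run_truncated wrapped 5) of 2 steps ran"
echo "wrapped, complete:     $(run_truncated wrapped 0) of 2 steps ran"
```

The plain script leaves a half-applied state because bash runs the first line before it reaches the damaged second one, while the wrapped script fails to parse and runs nothing.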