bkt icon indicating copy to clipboard operation
bkt copied to clipboard
verified publisher icon dimo414

[Feature] Additional capture files besides stdout/stderr

Open eatnumber1 opened this issue 11 months ago • 2 comments

Consider the following command taken directly from the find.1 man page

Traversing the filesystem just once - for 2 different actions

  • Traverse the filesystem just once, listing set-user-ID files and directories into /root/suid.txt and large files into /root/big.txt.
$ find / \
    \( -perm -4000 -fprintf /root/suid.txt '%#m %u %p\n' \) , \
    \( -size +100M -fprintf /root/big.txt '%-10s %p\n' \)

This example uses the line-continuation character '\' on the first two lines to instruct the shell to continue reading the command on the next line.

Can this command be bkt'ed? I'm pretty sure not. The issue is that it affects files other than stdout/stderr, so future replays by bkt would not write to the files. Even if one of the files was /dev/stdout instead of /root/suid.txt, the other file would still not be affected.

If bkt gets a new feature, the ability to set files other than stdout/stderr as data to be captured + replayed, this could be made to work. Hypothetically, it could be e.g. bkt --output-file=/root/suid.txt --output-file=/root/big.txt --ttl=1h -- find ....

eatnumber1 avatar Jan 22 '25 03:01 eatnumber1

I think the idea of being able to have bkt cache files is very interesting! I wonder if a design similar to SQLite's magic :memory: file name could be used here? For example, file names within a bkt scope (rather than just a command) could be specified for writing/caching with :$label:.

My understanding of your example bkt --output-file=/root/suid.txt --output-file=/root/big.txt --ttl=1h -- find ... is that you would like the command (find ...) to only be rerun after the 1 hour TTL, but that you would like the output files rewritten every time the full bkt command is run.

If my understanding is correct, your previous command might be rewritten with this hypothetical feature as:

$ export BKT_SCOPE="example-scope"
$ export BKT_TTL="1h"
$ bkt -- find / \
    \( -perm -4000 -fprintf :suid-txt: '%#m %u %p\n' \) , \
    \( -size +100M -fprintf :big-text: '%-10s %p\n' \)
$ bkt cat :suid-text: >/root/suid.txt
$ bkt cat :big-text: > /root/big.txt

Shirtpantswallet avatar Aug 02 '25 17:08 Shirtpantswallet

My understanding of your example bkt --output-file=/root/suid.txt --output-file=/root/big.txt --ttl=1h -- find ... is that you would like the command (find ...) to only be rerun after the 1 hour TTL, but that you would like the output files rewritten every time the full bkt command is run.

Right.

I wonder if a design similar to SQLite's magic :memory: file name could be used here?

What does that let us do that --output-file doesn't? My concern is that with :suid-txt:, bkt will need to parse and modify the command that bkt is about to run to substitute in the file name (which has edge cases that break, such as running bkt -- sqlite3 :memfile: :p, whereas with --output-file the user is supplying the file.

eatnumber1 avatar Aug 03 '25 19:08 eatnumber1