Idea: --update-confirm that shows a diff

[jcalfee]

Nice job on the updates! I have to say, this is my favorite script. I have an idea. As much as I trust your script, would it be useful to have --update-confirm show a diff and ask y / n? After all, the update command does require root access. Imagine the case where someone visually audits the x11docker script along with the original --update feature once and trusts it at that point then wants to update again. Then they could trust their local copy and that --update-confirm would show a complete diff. It seams like that would encourage and make it easier to keep up the audit and catch any changes even from tampering at the site hosting the x11docker update. It might be worth it if this is very short and simple to implement. Not sure about anyone else, but security is my primary use case for x11docker.

[mviereck]

That sounds like an interesting idea, thank you for the suggestion! I am already trying it. Currently I think of an optional argument --update[-master]=diff that only shows the difference without installing anything. I really appreciate that you are looking at the code. It is always possible that I introduce some stupid or even dangerous issue, and it helps a lot if others look at it, too.

I once also thought of an optional argument --update[-master]=VERSION to specify a version number to install. But I am not sure if that makes sense and would be needed by anyone. The choice between stable release and latest master seems to be sufficient.

[mviereck]

I have introduced argument diff as described above. If you run x11docker --update-master once to get the new code, and then x11docker --update=diff, you'll see the new code. (However, the new code will be shown as removed because it would be a downgrade from master to stable.) The changelog excerpt is printed, too. With argument diff no root privileges are needed.

Edit: New stable release v7.4.1 contains this. After installing it you can use it as intended.