fix: unnecessary password prompts for hosts and cert (#19)

Author: pilat

cmd/devbox/up.go

@@ -184,32 +184,29 @@ func runCertUpdate(p *project.Project, firstTime bool) error {
 }
 
 func runHostsUpdate(p *project.Project, firstTime, cleanup bool) error {
-	if len(p.HostEntities) == 0 && !p.HasHosts {
-		return nil // project has no hosts and there were no hosts before
-	}
-
 	entities := p.HostEntities
 	if cleanup {
 		entities = []string{}
 	}
 
-	fmt.Println("[*] Update hosts file...")
-
-	err := hosts.Save(p.Name, entities)
+	changed, err := hosts.Save(p.Name, entities)
 	if err != nil && firstTime {
+		// Permission denied - retry with sudo
 		args := []string{"--", "devbox", "update-hosts", "--name", p.Name}
 		if cleanup {
 			args = append(args, "--cleanup")
 		}
 
+		fmt.Println("[*] Update hosts file...")
 		cmd := exec.Command("sudo", args...)
 		if err := cmd.Run(); err != nil {
 			return fmt.Errorf("failed to save hosts file: %w", err)
 		}
 	} else if err != nil {
 		return fmt.Errorf("failed to save hosts file: %w", err)
+	} else if changed {
+		fmt.Println("[*] Updated hosts file")
 	}
 
-	p.HasHosts = len(entities) == 0
-	return p.SaveState()
+	return nil
 }

internal/cert/cert_darwin.go

@@ -6,6 +6,7 @@ package cert
 import (
 	"bytes"
 	"crypto/x509"
+	"encoding/pem"
 	"fmt"
 	"os/exec"
 )
@@ -18,12 +19,31 @@ func (c *cert) isSynced() bool {
 		return false
 	}
 
-	certFromKeychain, err := decodePEM[x509.Certificate](outBuf.Bytes())
-	if err != nil {
-		return false
+	// The command may return multiple PEM blocks if there are multiple
+	// certificates with matching names. We need to check all of them.
+	data := outBuf.Bytes()
+	for len(data) > 0 {
+		block, rest := pem.Decode(data)
+		if block == nil {
+			break
+		}
+		data = rest
+
+		if block.Type != pemTypeCertificate {
+			continue
+		}
+
+		cert, err := x509.ParseCertificate(block.Bytes)
+		if err != nil {
+			continue
+		}
+
+		if c.cert.Equal(cert) {
+			return true
+		}
 	}
 
-	return c.cert.Equal(certFromKeychain)
+	return false
 }
 
 func (c *cert) installCA() error {

internal/hosts/hosts.go

@@ -14,23 +14,25 @@ const (
 	endMarkerTemplate   = "# END: Devbox: '%s' project"
 )
 
-func Save(projectName string, entries []string) error {
+// Save updates the hosts file with the given entries. Returns (changed, error).
+// If no changes were needed, changed is false and no write occurs.
+func Save(projectName string, entries []string) (bool, error) {
 	return save(defaultHostFile, projectName, entries)
 }
 
-func save(hostFile, projectName string, entries []string) error {
+func save(hostFile, projectName string, entries []string) (bool, error) {
 	markerBegin := fmt.Sprintf(beginMarkerTemplate, projectName)
 	markerEnd := fmt.Sprintf(endMarkerTemplate, projectName)
 
 	fileInfo, err := os.Stat(hostFile)
 	if err != nil {
-		return fmt.Errorf("failed to stat hosts file: %w", err)
+		return false, fmt.Errorf("failed to stat hosts file: %w", err)
 	}
 	fileMode := fileInfo.Mode()
 
 	oldContent, err := os.ReadFile(hostFile)
 	if err != nil {
-		return fmt.Errorf("failed to read hosts file: %w", err)
+		return false, fmt.Errorf("failed to read hosts file: %w", err)
 	}
 
 	var newContent strings.Builder
@@ -68,10 +70,10 @@ func save(hostFile, projectName string, entries []string) error {
 	}
 
 	if lookupForEnd {
-		return fmt.Errorf("unexpected end of file")
+		return false, fmt.Errorf("unexpected end of file")
 	}
 
-	if !replaced {
+	if !replaced && len(entries) > 0 {
 		newContent.WriteString(markerBegin + "\n")
 		for _, entry := range entries {
 			newContent.WriteString(entry + "\n")
@@ -80,8 +82,12 @@ func save(hostFile, projectName string, entries []string) error {
 	}
 
 	if newContent.String() == string(oldContent) {
-		return nil
+		return false, nil
 	}
 
-	return os.WriteFile(hostFile, []byte(newContent.String()), fileMode)
+	err = os.WriteFile(hostFile, []byte(newContent.String()), fileMode)
+	if err != nil {
+		return false, fmt.Errorf("failed to write hosts file: %w", err)
+	}
+	return true, nil
 }

internal/hosts/hosts_test.go

@@ -49,8 +49,7 @@ func TestSave(t *testing.T) {
 			err = os.WriteFile(tempFile.Name(), []byte(tc.initialContent), 0644)
 			assert.NoError(t, err)
 
-			err = save(tempFile.Name(), tc.projectName, tc.entries)
-
+			_, err = save(tempFile.Name(), tc.projectName, tc.entries)
 			assert.NoError(t, err)
 
 			content, err := os.ReadFile(tempFile.Name())

internal/project/project.go

@@ -7,6 +7,7 @@ import (
 	"net"
 	"os"
 	"path/filepath"
+	"slices"
 	"strings"
 	"unicode"
 
@@ -29,7 +30,6 @@ type Project struct {
 	CertConfig   CertConfig
 
 	LocalMounts map[string]string // some service's full mount path -> local path
-	HasHosts    bool
 
 	envFiles []string
 }
@@ -119,8 +119,7 @@ func (p *Project) WithSelectedServices(names []string, options ...types.Dependen
 
 func (p *Project) SaveState() error {
 	state := &stateFileStruct{
-		Mounts:   p.LocalMounts,
-		HasHosts: p.HasHosts,
+		Mounts: p.LocalMounts,
 	}
 
 	json, err := json.Marshal(state)
@@ -184,12 +183,10 @@ func loadState(p *Project) error {
 		return fmt.Errorf("failed to unmarshal state: %w", err)
 	}
 
-	if state.Mounts == nil {
-		return nil
+	if state.Mounts != nil {
+		p.LocalMounts = state.Mounts
 	}
 
-	p.LocalMounts = state.Mounts
-
 	return nil
 }
 
@@ -232,9 +229,17 @@ func applyHosts(p *Project) error {
 			}
 		}
 
-		entities := []string{}
-		for ip, hosts := range ipToHosts {
-			entities = append(entities, fmt.Sprintf("%s %s", ip, strings.Join(hosts, " ")))
+		// Sort IPs to ensure deterministic output order
+		ips := make([]string, 0, len(ipToHosts))
+		for ip := range ipToHosts {
+			ips = append(ips, ip)
+		}
+		slices.Sort(ips)
+
+		entities := make([]string, 0, len(ips))
+		for _, ip := range ips {
+			slices.Sort(ipToHosts[ip])
+			entities = append(entities, fmt.Sprintf("%s %s", ip, strings.Join(ipToHosts[ip], " ")))
 		}
 
 		p.HostEntities = entities

internal/project/struct.go

@@ -1,6 +1,5 @@
 package project
 
 type stateFileStruct struct {
-	Mounts   map[string]string `json:"mounts"`
-	HasHosts bool              `json:"hasHosts"`
+	Mounts map[string]string `json:"mounts"`
 }