From 089007919d22a98f5d767ced5f58f65661667e0c Mon Sep 17 00:00:00 2001
From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Date: Mon, 8 Dec 2025 09:17:24 +0100
Subject: [PATCH] Add package validation guard and make pacman idempotent
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Add explicit validation in UpdatePackage to require package name when
  'all' is false, preventing empty package commands being sent to servers
- Add --needed flag to pacman install in InstallDocker for idempotent
  Docker installation on Arch Linux

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 app/Actions/Server/InstallDocker.php | 3 ++-
 app/Actions/Server/UpdatePackage.php | 7 +++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/app/Actions/Server/InstallDocker.php b/app/Actions/Server/InstallDocker.php
index 55a643e83..7e0ad8198 100644
--- a/app/Actions/Server/InstallDocker.php
+++ b/app/Actions/Server/InstallDocker.php
@@ -158,7 +158,8 @@ private function getArchDockerInstallCommand(): string
         // Use -Syu to perform full system upgrade before installing Docker
         // Partial upgrades (-Sy without -u) are discouraged on Arch Linux
         // as they can lead to broken dependencies and system instability
-        return 'pacman -Syu --noconfirm docker docker-compose && '.
+        // Use --needed to skip reinstalling packages that are already up-to-date (idempotent)
+        return 'pacman -Syu --noconfirm --needed docker docker-compose && '.
             'systemctl enable docker.service && '.
             'systemctl start docker.service';
     }
diff --git a/app/Actions/Server/UpdatePackage.php b/app/Actions/Server/UpdatePackage.php
index 8b81377ee..ab0ca9494 100644
--- a/app/Actions/Server/UpdatePackage.php
+++ b/app/Actions/Server/UpdatePackage.php
@@ -21,6 +21,13 @@ public function handle(Server $server, string $osId, ?string $package = null, ?s
                 ];
             }
 
+            // Validate that package name is provided when not updating all packages
+            if (! $all && ($package === null || $package === '')) {
+                return [
+                    'error' => "Package name required when 'all' is false.",
+                ];
+            }
+
             // Sanitize package name to prevent command injection
             // Only allow alphanumeric characters, hyphens, underscores, periods, plus signs, and colons
             // These are valid characters in package names across most package managers