summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorzachir <zachir@librem.one>2022-01-28 22:27:58 -0600
committerzachir <zachir@librem.one>2022-01-28 22:27:58 -0600
commitbc02677e03fd73dd991513abd76b8e25552d7662 (patch)
tree73c4c783bdca0372fb88f3ef0f971cb928d636c1
parentfee3e8b269f9c80a0323388b1572d02a44bde736 (diff)
allow using "doas" as root cmd (others unsupported)
-rw-r--r--zirless.sh65
1 files changed, 49 insertions, 16 deletions
diff --git a/zirless.sh b/zirless.sh
index 119ce0d..ec7ebbd 100644
--- a/zirless.sh
+++ b/zirless.sh
@@ -6,12 +6,13 @@
### OPTIONS AND VARIABLES ###
-while getopts ":a:r:b:p:h" o; do case "${o}" in
+while getopts ":a:r:b:p:s:h" o; do case "${o}" in
h) printf "Optional arguments for custom use:\\n -r: Dotfiles repository (local file or url)\\n -p: Dependencies and programs csv (local file or url)\\n -a: AUR helper (must have pacman-like syntax)\\n -h: Show this message\\n" && exit 1 ;;
r) dotfilesrepo=${OPTARG} && git ls-remote "$dotfilesrepo" || exit 1 ;;
b) repobranch=${OPTARG} ;;
p) progsfile=${OPTARG} ;;
a) aurhelper=${OPTARG} ;;
+ s) rootcmd=${OPTARG} ;;
*) printf "Invalid option: -%s\\n" "$OPTARG" && exit 1 ;;
esac done
@@ -71,8 +72,41 @@ refreshkeys() { \
}
newperms() { # Set special sudoers settings for install (or after).
- sed -i "/#ZIRLESS/d" /etc/sudoers
- echo "$* #ZIRLESS" >> /etc/sudoers ;}
+ if [ "$rootcmd" = "sudo" ]; then
+ if [ "$1" = "allnopass" ]; then
+ sed -i "/#ZIRLESS/d" /etc/sudoers
+ echo "%wheel ALL=(ALL) NOPASSWD: ALL #ZIRLESS" >> /etc/sudoers
+ elif [ "$1" = "newpass" ]; then
+ sed -i "/#ZIRLESS/d" /etc/sudoers
+ echo "%wheel ALL=(ALL) ALL #ZIRLESS
+%wheel ALL=(ALL) NOPASSWD: /usr/bin/shutdown,/usr/bin/reboot,/usr/bin/mount,/usr/bin/umount,/usr/bin/pacman -Syu,/usr/bin/pacman -Syyu,/usr/bin/systemctl,/usr/bin/rc-service,/usr/bin/rc-update,/usr/bin/rsm,/usr/bin/sv,/usr/bin/s6-rc,/usr/bin/s6-rc-bundle-update,/usr/bin/pacman -Syyu --noconfirm,/usr/bin/loadkeys,/usr/bin/pacman -Syyuw --noconfirm #ZIRLESS" >> /etc/sudoers
+ fi
+ elif [ "$rootcmd" = "doas" ]; then
+ if [ "$1" = "allnopass" ]; then
+ sed -i "/#ZIRLESS/d" /etc/doas.conf
+ echo "permit :wheel nopass #ZIRLESS" >> /etc/doas.conf
+ elif [ "$1" = "newpass" ]; then
+ sed -i "/#ZIRLESS/d" /etc/doas.conf
+ echo "permit :wheel persist #ZIRLESS
+permit :wheel nopass cmd shutdown #ZIRLESS
+permit :wheel nopass cmd reboot #ZIRLESS
+permit :wheel nopass cmd mount #ZIRLESS
+permit :wheel nopass cmd umount #ZIRLESS
+permit :wheel nopass cmd pacman args -Syu #ZIRLESS
+permit :wheel nopass cmd pacman args -Syu --noconfirm #ZIRLESS
+permit :wheel nopass cmd pacman args -Syyu --noconfirm #ZIRLESS
+permit :wheel nopass cmd pacman args -Syyu #ZIRLESS
+permit :wheel nopass cmd pacman args -Syyuw #ZIRLESS
+permit :wheel nopass cmd rsm #ZIRLESS
+permit :wheel nopass cmd sv #ZIRLESS
+permit :wheel nopass cmd systemctl #ZIRLESS
+permit :wheel nopass cmd rc-service #ZIRLESS
+permit :wheel nopass cmd rc-update #ZIRLESS
+permit :wheel nopass cmd s6-rc #ZIRLESS
+permit :wheel nopass cmd s6-rc-bundle-update #ZIRLESS
+permit :wheel nopass cmd loadkeys #ZIRLESS" >> /etc/doas.conf
+ fi
+ fi ;}
artixaddarchrepos() { # Adds the Arch repos to Artix Linux (some ZIRLESS packages require it)
grep -q 'Artix' /etc/lsb-release && \
@@ -108,9 +142,9 @@ gitmakeinstall() {
progname="$(basename "$1" .git)"
dir="$repodir/$progname"
dialog --title "ZIRLESS Installation" --infobox "Installing \`$progname\` ($n of $total) via \`git\` and \`make\`. $(basename "$1") $2" 5 70
- sudo -u "$name" git clone --depth 1 "$1" "$dir" >/dev/null 2>&1 || { cd "$dir" || return 1 ; sudo -u "$name" git pull --force origin master;}
+ sudo -u "$name" git clone --depth 1 "$1" "$dir" >/dev/null 2>&1 || { cd "$dir" || return 1 ; $rootcmd -u "$name" git pull --force origin master;}
cd "$dir" || exit 1
- make >/dev/null 2>&1
+ sudo -u "$name" make >/dev/null 2>&1
make install >/dev/null 2>&1
cd /tmp || return 1 ;}
@@ -118,10 +152,10 @@ gitmakepkginstall() {
pkgname="$(basename "$1" .git)"
dir="$repodir/$progname"
dialog --title "ZIRLESS Installation" --infobox "Installing \`$progname\` ($n of $total) via \`git\` and \`makepkg\`. $(basename "$1") $2" 5 70
- sudo -u "$name" git clone --depth 1 "$1" "$dir" >/dev/null 2>&1 || { cd "$dir" || return 1 ; sudo -u "$name" git pull --forve origin master;}
+ $rootcmd -u "$name" git clone --depth 1 "$1" "$dir" >/dev/null 2>&1 || { cd "$dir" || return 1 ; $rootcmd -u "$name" git pull --force origin master;}
cd "$dir" || exit 1
- makepkg -si
- pacman -U *.pkg.tar.zst
+ $rootcmd -u "$name" makepkg -sc
+ pacman -U *.pkg.tar.*
cd /tmp || return 1 ;}
aurinstall() { \
@@ -207,9 +241,9 @@ adduserandpass || error "Error adding username and/or password."
[ -f /etc/sudoers.pacnew ] && cp /etc/sudoers.pacnew /etc/sudoers # Just in case
-# Allow user to run sudo without password. Since AUR programs must be installed
+# Allow user to run $rootcmd without password. Since AUR programs must be installed
# in a fakeroot environment, this is required for all builds with AUR.
-newperms "%wheel ALL=(ALL) NOPASSWD: ALL"
+newperms "allnopass"
# Make pacman and paru colorful and adds eye candy on the progress bar because why not.
grep -q "^Color" /etc/pacman.conf || sed -i "s/^#Color$/Color/" /etc/pacman.conf
@@ -220,16 +254,16 @@ sed -i "s/-j2/-j$(nproc)/;s/^#MAKEFLAGS/MAKEFLAGS/" /etc/makepkg.conf
manualinstall yay-bin || error "Failed to install AUR helper."
-artixaddarchrepos || error "Failed to add Arch Linux repos."
+artixaddarchrepos || error "Failed to add Arch Linux repos." && exit 5
# The command that does all the installing. Reads the progs.csv file and
# installs each needed program the way required. Be sure to run this only after
-# the user has been created and has priviledges to run sudo without a password
+# the user has been created and has priviledges to run $rootcmd without a password
# and all build dependencies are installed.
installationloop
dialog --title "ZIRLESS Installation" --infobox "Finally, installing \`libxft-bgra\` to enable color emoji in suckless software without crashes." 5 70
-yes | sudo -u "$name" $aurhelper -S libxft-bgra-git >/dev/null 2>&1
+yes | $rootcmd -u "$name" $aurhelper -S libxft-bgra-git >/dev/null 2>&1
# Install the dotfiles in the user's home directory
putgitrepo "$dotfilesrepo" "/home/$name" "$repobranch"
@@ -270,12 +304,11 @@ grep -q "OTHER_OPTS='-a pulseaudio -m alsa_seq -r 48000'" /etc/conf.d/fluidsynth
echo "OTHER_OPTS='-a pulseaudio -m alsa_seq -r 48000'" >> /etc/conf.d/fluidsynth
# Start/restart PulseAudio.
-pkill -15 -x 'pulseaudio'; sudo -u "$name" pulseaudio --start
+pkill -15 -x 'pulseaudio'; $rootcmd -u "$name" pulseaudio --start
# This line, overwriting the `newperms` command above will allow the user to run
# serveral important commands, `shutdown`, `reboot`, updating, etc. without a password.
-newperms "%wheel ALL=(ALL) ALL #ZIRLESS
-%wheel ALL=(ALL) NOPASSWD: /usr/bin/shutdown,/usr/bin/reboot,/usr/bin/systemctl suspend,/usr/bin/wifi-menu,/usr/bin/mount,/usr/bin/umount,/usr/bin/pacman -Syu,/usr/bin/pacman -Syyu,/usr/bin/packer -Syu,/usr/bin/packer -Syyu,/usr/bin/systemctl restart NetworkManager,/usr/bin/rc-service NetworkManager restart,/usr/bin/pacman -Syyu --noconfirm,/usr/bin/loadkeys,/usr/bin/paru,/usr/bin/pacman -Syyuw --noconfirm"
+newperms "newpass"
# Last message! Install complete!
finalize