diff options
| author | zachir <zachir@librem.one> | 2022-01-28 22:27:58 -0600 |
|---|---|---|
| committer | zachir <zachir@librem.one> | 2022-01-28 22:27:58 -0600 |
| commit | bc02677e03fd73dd991513abd76b8e25552d7662 (patch) | |
| tree | 73c4c783bdca0372fb88f3ef0f971cb928d636c1 | |
| parent | fee3e8b269f9c80a0323388b1572d02a44bde736 (diff) | |
allow using "doas" as root cmd (others unsupported)
| -rw-r--r-- | zirless.sh | 65 |
1 files changed, 49 insertions, 16 deletions
@@ -6,12 +6,13 @@ ### OPTIONS AND VARIABLES ### -while getopts ":a:r:b:p:h" o; do case "${o}" in +while getopts ":a:r:b:p:s:h" o; do case "${o}" in h) printf "Optional arguments for custom use:\\n -r: Dotfiles repository (local file or url)\\n -p: Dependencies and programs csv (local file or url)\\n -a: AUR helper (must have pacman-like syntax)\\n -h: Show this message\\n" && exit 1 ;; r) dotfilesrepo=${OPTARG} && git ls-remote "$dotfilesrepo" || exit 1 ;; b) repobranch=${OPTARG} ;; p) progsfile=${OPTARG} ;; a) aurhelper=${OPTARG} ;; + s) rootcmd=${OPTARG} ;; *) printf "Invalid option: -%s\\n" "$OPTARG" && exit 1 ;; esac done @@ -71,8 +72,41 @@ refreshkeys() { \ } newperms() { # Set special sudoers settings for install (or after). - sed -i "/#ZIRLESS/d" /etc/sudoers - echo "$* #ZIRLESS" >> /etc/sudoers ;} + if [ "$rootcmd" = "sudo" ]; then + if [ "$1" = "allnopass" ]; then + sed -i "/#ZIRLESS/d" /etc/sudoers + echo "%wheel ALL=(ALL) NOPASSWD: ALL #ZIRLESS" >> /etc/sudoers + elif [ "$1" = "newpass" ]; then + sed -i "/#ZIRLESS/d" /etc/sudoers + echo "%wheel ALL=(ALL) ALL #ZIRLESS +%wheel ALL=(ALL) NOPASSWD: /usr/bin/shutdown,/usr/bin/reboot,/usr/bin/mount,/usr/bin/umount,/usr/bin/pacman -Syu,/usr/bin/pacman -Syyu,/usr/bin/systemctl,/usr/bin/rc-service,/usr/bin/rc-update,/usr/bin/rsm,/usr/bin/sv,/usr/bin/s6-rc,/usr/bin/s6-rc-bundle-update,/usr/bin/pacman -Syyu --noconfirm,/usr/bin/loadkeys,/usr/bin/pacman -Syyuw --noconfirm #ZIRLESS" >> /etc/sudoers + fi + elif [ "$rootcmd" = "doas" ]; then + if [ "$1" = "allnopass" ]; then + sed -i "/#ZIRLESS/d" /etc/doas.conf + echo "permit :wheel nopass #ZIRLESS" >> /etc/doas.conf + elif [ "$1" = "newpass" ]; then + sed -i "/#ZIRLESS/d" /etc/doas.conf + echo "permit :wheel persist #ZIRLESS +permit :wheel nopass cmd shutdown #ZIRLESS +permit :wheel nopass cmd reboot #ZIRLESS +permit :wheel nopass cmd mount #ZIRLESS +permit :wheel nopass cmd umount #ZIRLESS +permit :wheel nopass cmd pacman args -Syu #ZIRLESS +permit :wheel nopass cmd pacman args -Syu --noconfirm #ZIRLESS +permit :wheel nopass cmd pacman args -Syyu --noconfirm #ZIRLESS +permit :wheel nopass cmd pacman args -Syyu #ZIRLESS +permit :wheel nopass cmd pacman args -Syyuw #ZIRLESS +permit :wheel nopass cmd rsm #ZIRLESS +permit :wheel nopass cmd sv #ZIRLESS +permit :wheel nopass cmd systemctl #ZIRLESS +permit :wheel nopass cmd rc-service #ZIRLESS +permit :wheel nopass cmd rc-update #ZIRLESS +permit :wheel nopass cmd s6-rc #ZIRLESS +permit :wheel nopass cmd s6-rc-bundle-update #ZIRLESS +permit :wheel nopass cmd loadkeys #ZIRLESS" >> /etc/doas.conf + fi + fi ;} artixaddarchrepos() { # Adds the Arch repos to Artix Linux (some ZIRLESS packages require it) grep -q 'Artix' /etc/lsb-release && \ @@ -108,9 +142,9 @@ gitmakeinstall() { progname="$(basename "$1" .git)" dir="$repodir/$progname" dialog --title "ZIRLESS Installation" --infobox "Installing \`$progname\` ($n of $total) via \`git\` and \`make\`. $(basename "$1") $2" 5 70 - sudo -u "$name" git clone --depth 1 "$1" "$dir" >/dev/null 2>&1 || { cd "$dir" || return 1 ; sudo -u "$name" git pull --force origin master;} + sudo -u "$name" git clone --depth 1 "$1" "$dir" >/dev/null 2>&1 || { cd "$dir" || return 1 ; $rootcmd -u "$name" git pull --force origin master;} cd "$dir" || exit 1 - make >/dev/null 2>&1 + sudo -u "$name" make >/dev/null 2>&1 make install >/dev/null 2>&1 cd /tmp || return 1 ;} @@ -118,10 +152,10 @@ gitmakepkginstall() { pkgname="$(basename "$1" .git)" dir="$repodir/$progname" dialog --title "ZIRLESS Installation" --infobox "Installing \`$progname\` ($n of $total) via \`git\` and \`makepkg\`. $(basename "$1") $2" 5 70 - sudo -u "$name" git clone --depth 1 "$1" "$dir" >/dev/null 2>&1 || { cd "$dir" || return 1 ; sudo -u "$name" git pull --forve origin master;} + $rootcmd -u "$name" git clone --depth 1 "$1" "$dir" >/dev/null 2>&1 || { cd "$dir" || return 1 ; $rootcmd -u "$name" git pull --force origin master;} cd "$dir" || exit 1 - makepkg -si - pacman -U *.pkg.tar.zst + $rootcmd -u "$name" makepkg -sc + pacman -U *.pkg.tar.* cd /tmp || return 1 ;} aurinstall() { \ @@ -207,9 +241,9 @@ adduserandpass || error "Error adding username and/or password." [ -f /etc/sudoers.pacnew ] && cp /etc/sudoers.pacnew /etc/sudoers # Just in case -# Allow user to run sudo without password. Since AUR programs must be installed +# Allow user to run $rootcmd without password. Since AUR programs must be installed # in a fakeroot environment, this is required for all builds with AUR. -newperms "%wheel ALL=(ALL) NOPASSWD: ALL" +newperms "allnopass" # Make pacman and paru colorful and adds eye candy on the progress bar because why not. grep -q "^Color" /etc/pacman.conf || sed -i "s/^#Color$/Color/" /etc/pacman.conf @@ -220,16 +254,16 @@ sed -i "s/-j2/-j$(nproc)/;s/^#MAKEFLAGS/MAKEFLAGS/" /etc/makepkg.conf manualinstall yay-bin || error "Failed to install AUR helper." -artixaddarchrepos || error "Failed to add Arch Linux repos." +artixaddarchrepos || error "Failed to add Arch Linux repos." && exit 5 # The command that does all the installing. Reads the progs.csv file and # installs each needed program the way required. Be sure to run this only after -# the user has been created and has priviledges to run sudo without a password +# the user has been created and has priviledges to run $rootcmd without a password # and all build dependencies are installed. installationloop dialog --title "ZIRLESS Installation" --infobox "Finally, installing \`libxft-bgra\` to enable color emoji in suckless software without crashes." 5 70 -yes | sudo -u "$name" $aurhelper -S libxft-bgra-git >/dev/null 2>&1 +yes | $rootcmd -u "$name" $aurhelper -S libxft-bgra-git >/dev/null 2>&1 # Install the dotfiles in the user's home directory putgitrepo "$dotfilesrepo" "/home/$name" "$repobranch" @@ -270,12 +304,11 @@ grep -q "OTHER_OPTS='-a pulseaudio -m alsa_seq -r 48000'" /etc/conf.d/fluidsynth echo "OTHER_OPTS='-a pulseaudio -m alsa_seq -r 48000'" >> /etc/conf.d/fluidsynth # Start/restart PulseAudio. -pkill -15 -x 'pulseaudio'; sudo -u "$name" pulseaudio --start +pkill -15 -x 'pulseaudio'; $rootcmd -u "$name" pulseaudio --start # This line, overwriting the `newperms` command above will allow the user to run # serveral important commands, `shutdown`, `reboot`, updating, etc. without a password. -newperms "%wheel ALL=(ALL) ALL #ZIRLESS -%wheel ALL=(ALL) NOPASSWD: /usr/bin/shutdown,/usr/bin/reboot,/usr/bin/systemctl suspend,/usr/bin/wifi-menu,/usr/bin/mount,/usr/bin/umount,/usr/bin/pacman -Syu,/usr/bin/pacman -Syyu,/usr/bin/packer -Syu,/usr/bin/packer -Syyu,/usr/bin/systemctl restart NetworkManager,/usr/bin/rc-service NetworkManager restart,/usr/bin/pacman -Syyu --noconfirm,/usr/bin/loadkeys,/usr/bin/paru,/usr/bin/pacman -Syyuw --noconfirm" +newperms "newpass" # Last message! Install complete! finalize |