~mil/sxmo-devel

sxmo-utils: doas: replace sxmo-utils sudo with $ROOTCMD v2 NEEDS REVISION

noneofyourbusiness: 1
 doas: replace sxmo-utils sudo with $ROOTCMD

 9 files changed, 18 insertions(+), 12 deletions(-)
#559881 .build.yml failed
Export patchset (mbox)
How do I use this?

Copy & paste the following snippet into your terminal to import this patchset into git:

curl -s https://lists.sr.ht/~mil/sxmo-devel/patches/24191/mbox | git am -3
Learn more about email & git
View this thread in the archives

[PATCH sxmo-utils v2] doas: replace sxmo-utils sudo with $ROOTCMD Export this patch

---
same as v1, except doas can be run by users of wheel group without password -
didn't find a way to include a directory of configs, but this would be an alternative
as sudo/doas don't provide much if any security against third parties


 Makefile                                 | 3 ++-
 configs/appcfg/xinit_template            | 3 +++
 configs/doas/doas.conf                   | 1 +
 scripts/core/sxmo_appmenu.sh             | 6 +++---
 scripts/core/sxmo_timezonechange.sh      | 2 +-
 scripts/core/sxmo_upgrade.sh             | 4 ++--
 scripts/core/sxmo_wifitoggle.sh          | 2 +-
 scripts/core/sxmo_xinit.sh               | 1 +
 scripts/modem/sxmo_modemmonitortoggle.sh | 8 ++++----
 9 files changed, 18 insertions(+), 12 deletions(-)
 create mode 100644 configs/doas/doas.conf

diff --git a/Makefile b/Makefile
index 0fde409..5e0abd6 100644
--- a/Makefile
+++ b/Makefile
@@ -39,7 +39,8 @@ install: $(PROGRAMS)

	install -D -m 0644 -t $(DESTDIR)/etc/udev/rules.d/ configs/udev/*.rules

	install -D -m 0700 -t $(DESTDIR)/etc/sudoers.d/ configs/sudo/*
	command -v doas >/dev/null && cat configs/doas/* | tee -a $(DESTDIR)/etc/doas.conf && \
	chmod 0700 $(DESTDIR)/etc/doas.conf || install -D -m 0700 -t $(DESTDIR)/etc/sudoers.d/ configs/sudo/*

	install -D -m 0644 -t $(DESTDIR)$(PREFIX)/share/applications/ configs/xdg/mimeapps.list

diff --git a/configs/appcfg/xinit_template b/configs/appcfg/xinit_template
index f0f102f..341b54f 100644
--- a/configs/appcfg/xinit_template
+++ b/configs/appcfg/xinit_template
@@ -51,6 +51,9 @@ command -v firefox && export BROWSER=firefox
# Change the default terminal command
# export TERMCMD="st -e"

# Change the suid command
# export ROOTCMD="sudo"

# Immediately turn the screen off when locking the device
# (e.g. disables blue led / screen on lock mode all together)
#export SXMO_LOCK_SCREEN_OFF=1
diff --git a/configs/doas/doas.conf b/configs/doas/doas.conf
new file mode 100644
index 0000000..9bc47f0
--- /dev/null
+++ b/configs/doas/doas.conf
@@ -0,0 +1 @@
	permit nopass keepenv :wheel
\ No newline at end of file
diff --git a/scripts/core/sxmo_appmenu.sh b/scripts/core/sxmo_appmenu.sh
index ba3f38a..3b9c823 100755
--- a/scripts/core/sxmo_appmenu.sh
+++ b/scripts/core/sxmo_appmenu.sh
@@ -146,7 +146,7 @@ programchoicesinit() {
			$icon_wif Wifi $(
				rfkill -rn | grep wlan | grep -qE "unblocked unblocked" &&
				printf %b "On → Off" ||  printf %b "Off → On";
				printf %b "^ 1 ^ sudo sxmo_wifitoggle.sh"
				printf %b "^ 1 ^ "$ROOTCMD" sxmo_wifitoggle.sh"
			)
			$icon_fll Flashlight $(
				grep -qE '^0$' /sys/class/leds/white:flash/brightness &&
@@ -191,8 +191,8 @@ programchoicesinit() {
			$icon_lck Lock (Screen off)  ^ 0 ^ sxmo_screenlock.sh off
			$icon_zzz Suspend            ^ 0 ^ sxmo_screenlock.sh lock && sxmo_screenlock.sh crust
			$icon_out Logout             ^ 0 ^ confirm Logout && pkill -9 dwm
			$icon_rld Reboot             ^ 0 ^ confirm Reboot && sxmo_terminal.sh sudo reboot
			$icon_pwr Poweroff           ^ 0 ^ confirm Poweroff && sxmo_terminal.sh sudo poweroff
			$icon_rld Reboot             ^ 0 ^ confirm Reboot && sxmo_terminal.sh "$ROOTCMD" reboot
			$icon_pwr Poweroff           ^ 0 ^ confirm Poweroff && sxmo_terminal.sh "$ROOTCMD" poweroff
		"
		WINNAME="Power"
		;;
diff --git a/scripts/core/sxmo_timezonechange.sh b/scripts/core/sxmo_timezonechange.sh
index 31e8d31..4681960 100755
--- a/scripts/core/sxmo_timezonechange.sh
+++ b/scripts/core/sxmo_timezonechange.sh
@@ -2,7 +2,7 @@

change() {
	echo "Changing timezone to $1"
	sudo setup-timezone -z "$1"
	"$ROOTCMD" setup-timezone -z "$1"
	sxmo_statusbarupdate.sh
	echo Timezone changed ok
	read -r
diff --git a/scripts/core/sxmo_upgrade.sh b/scripts/core/sxmo_upgrade.sh
index e8623f7..c1002f8 100755
--- a/scripts/core/sxmo_upgrade.sh
+++ b/scripts/core/sxmo_upgrade.sh
@@ -4,10 +4,10 @@
. "$(dirname "$0")/sxmo_common.sh"

echo "Updating all packages from repositories"
sudo apk update
"$ROOTCMD" apk update

echo "Upgrading all packages"
sudo apk upgrade
"$ROOTCMD" apk upgrade

echo "Upgrade complete - reboot for all changes to take effect"
read -r
diff --git a/scripts/core/sxmo_wifitoggle.sh b/scripts/core/sxmo_wifitoggle.sh
index f25fc7f..28ceccf 100755
--- a/scripts/core/sxmo_wifitoggle.sh
+++ b/scripts/core/sxmo_wifitoggle.sh
@@ -1,6 +1,6 @@
#!/usr/bin/env sh

# Note: this script should be run as root via sudo
# Note: this script should be run as root via doas or root

[ -n "$WLAN_MODULE" ] || WLAN_MODULE="8723cs"

diff --git a/scripts/core/sxmo_xinit.sh b/scripts/core/sxmo_xinit.sh
index 9e6d2ac..98a49c1 100755
--- a/scripts/core/sxmo_xinit.sh
+++ b/scripts/core/sxmo_xinit.sh
@@ -7,6 +7,7 @@ envvars() {
	# shellcheck source=/dev/null
	[ -f "$HOME"/.profile ] && . "$HOME"/.profile
	command -v "$TERMCMD" || export TERMCMD="st -e"
	command -v "$ROOTCMD" || export ROOTCMD="doas"
	command -v "$BROWSER" || export BROWSER=surf
	command -v "$EDITOR" || export EDITOR=vis
	command -v "$SHELL" || export SHELL=/bin/sh
diff --git a/scripts/modem/sxmo_modemmonitortoggle.sh b/scripts/modem/sxmo_modemmonitortoggle.sh
index db9efae..21ef732 100755
--- a/scripts/modem/sxmo_modemmonitortoggle.sh
+++ b/scripts/modem/sxmo_modemmonitortoggle.sh
@@ -15,15 +15,15 @@ if [ "$1" = "reset" ]; then
	echo "sxmo_modemmonitortoggle: forcing modem reset">&2
	notify-send "Resetting modem, this may take a minute..."
	pkill -TERM -f sxmo_modemmonitor.sh
	sudo rc-service modemmanager stop
	sudo rc-service eg25-manager stop
	"$ROOTCMD" rc-service modemmanager stop
	"$ROOTCMD" rc-service eg25-manager stop
	sleep 5
	while ! rc-service eg25-manager status | grep -q started; do
		sudo rc-service eg25-manager start
		"$ROOTCMD" rc-service eg25-manager start
		sleep 2
	done
	sleep 5
	sudo rc-service modemmanager start
	"$ROOTCMD" rc-service modemmanager start
	sleep 30
	setsid -f sxmo_modemmonitor.sh &
elif [ "$1" != "on" ] && pgrep -f sxmo_modemmonitor.sh; then
--
2.31.1
Hi!