diff options
| author |  sommerfeld <sommerfeld@sommerfeld.dev> | 2026-06-15 00:55:44 +0100 |
|---|---|---|
| committer | sommerfeld <sommerfeld@sommerfeld.dev> | 2026-06-15 00:55:44 +0100 |
| commit | 066df8cc91966a0fbe5b2a32c45ad984fd9ae468 (patch) | |
| tree | 97bdba4d5294f305791f48afabd8386c3f97091f /dot_config/waybar/executable_pacdiff-status.sh | |
| parent | bb607b3cdb027a2d02cf2111b8ee12dab172efad (diff) | |
| download | dotfiles-066df8cc91966a0fbe5b2a32c45ad984fd9ae468.tar.gz dotfiles-066df8cc91966a0fbe5b2a32c45ad984fd9ae468.tar.bz2 dotfiles-066df8cc91966a0fbe5b2a32c45ad984fd9ae468.zip | |
Use absolute editor commands under sudo
Resolve nvim before exporting editor and pager variables so sudo-rs env_keep does not depend on root's secure_path.
Update the Waybar pacdiff action to pass an absolute DIFFPROG through sudo.
Diffstat (limited to 'dot_config/waybar/executable_pacdiff-status.sh')
| -rwxr-xr-x | dot_config/waybar/executable_pacdiff-status.sh | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/dot_config/waybar/executable_pacdiff-status.sh b/dot_config/waybar/executable_pacdiff-status.sh index 92eb6a8..9712993 100755 --- a/dot_config/waybar/executable_pacdiff-status.sh +++ b/dot_config/waybar/executable_pacdiff-status.sh @@ -5,9 +5,9 @@ # from "no problems" to "non-zero" (i.e. on the post-`pacman -Syu` # settle), so you're nudged exactly once per upgrade wave. # -# Click handler runs `DIFFPROG='nvim -d' sudo pacdiff` in a floating -# ghostty. DIFFPROG is propagated through sudo-rs by the env_keep policy -# in etc/sudoers-rs (no -E needed — env_keep is unconditional pass-through). +# Click handler resolves nvim to an absolute path, then runs sudo pacdiff with +# DIFFPROG set to that absolute editor. sudo-rs keeps DIFFPROG, but root's +# secure_path deliberately does not include the user's nix profile. set -eu |