diff options
| author |  sommerfeld <sommerfeld@sommerfeld.dev> | 2026-05-13 13:43:31 +0100 |
|---|---|---|
| committer | sommerfeld <sommerfeld@sommerfeld.dev> | 2026-05-13 13:43:31 +0100 |
| commit | eeb3752074edcb110cd3709689e818b57fd2d2fd (patch) | |
| tree | 757dc45a5f840c8b76acf1906868d8e1c4bbbd72 /run_onchange_after_deploy-etc.sh.tmpl | |
| parent | 3d263bdbb48e7616a12af26ef094e5a416f9a735 (diff) | |
| download | dotfiles-eeb3752074edcb110cd3709689e818b57fd2d2fd.tar.gz dotfiles-eeb3752074edcb110cd3709689e818b57fd2d2fd.tar.bz2 dotfiles-eeb3752074edcb110cd3709689e818b57fd2d2fd.zip | |
feat(privesc): drop classic sudo via AssumeInstalled
base-devel hard-depends on the sudo package, so without help, pacman
refuses to remove it. The Arch-native fix is pacman.conf's
AssumeInstalled directive: tell pacman to pretend a virtual
sudo=99.0 is installed and base-devel's dep is satisfied without
actually pulling sudo in.
- etc/pacman.conf: AssumeInstalled = sudo=99.0
- bootstrap.sh: after 'just init' (which writes the AssumeInstalled
line and installs sudo-rs), Rns the leftover sudo package so a
fresh install ends up with sudo-rs only.
Also reformat bootstrap.sh and the etc deploy script with the
project's shfmt style (-i 2 -ci -s).
Diffstat (limited to 'run_onchange_after_deploy-etc.sh.tmpl')
| -rwxr-xr-x | run_onchange_after_deploy-etc.sh.tmpl | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/run_onchange_after_deploy-etc.sh.tmpl b/run_onchange_after_deploy-etc.sh.tmpl index 9ba10d2..3fdb42b 100755 --- a/run_onchange_after_deploy-etc.sh.tmpl +++ b/run_onchange_after_deploy-etc.sh.tmpl @@ -7,21 +7,21 @@ set -eu cd "$CHEZMOI_SOURCE_DIR" find etc -type f ! -name .ignore | while IFS= read -r src; do - case "$src" in - *.tmpl) - dest="/${src%.tmpl}" - tmp=$(mktemp) - chezmoi execute-template <"$src" >"$tmp" - sudo install -D -m 0644 -o root -g root "$tmp" "$dest" - rm -f "$tmp" - ;; - etc/sudoers-rs) - sudo install -D -m 0440 -o root -g root "$src" "/${src}" - ;; - *) - sudo install -D -m 0644 -o root -g root "$src" "/${src}" - ;; - esac + case "$src" in + *.tmpl) + dest="/${src%.tmpl}" + tmp=$(mktemp) + chezmoi execute-template <"$src" >"$tmp" + sudo install -D -m 0644 -o root -g root "$tmp" "$dest" + rm -f "$tmp" + ;; + etc/sudoers-rs) + sudo install -D -m 0440 -o root -g root "$src" "/${src}" + ;; + *) + sudo install -D -m 0644 -o root -g root "$src" "/${src}" + ;; + esac done # sudo-rs: /etc/pam.d/sudo-i is a symlink to /etc/pam.d/sudo |