diff options
| -rwxr-xr-x | bootstrap.sh | 15 | ||||
| -rw-r--r-- | etc/pacman.conf | 4 | ||||
| -rwxr-xr-x | run_onchange_after_deploy-etc.sh.tmpl | 30 |
3 files changed, 29 insertions, 20 deletions
diff --git a/bootstrap.sh b/bootstrap.sh index ead79e6..17f7af4 100755 --- a/bootstrap.sh +++ b/bootstrap.sh @@ -67,16 +67,21 @@ else fi # 5. run just init — this deploys chezmoi, installs the 'base' meta list -# (which pulls in sudo-rs), deploys /etc/sudoers-rs and /etc/pam.d/sudo, -# creates /usr/local/bin/{sudo,su,visudo,sudoedit} symlinks pointing at +# (which pulls in sudo-rs), deploys /etc/sudoers-rs, /etc/pam.d/sudo, +# and the AssumeInstalled = sudo line in /etc/pacman.conf, creates +# /usr/local/bin/{sudo,su,visudo,sudoedit} symlinks pointing at # sudo-rs, and installs git hooks. -# The classic 'sudo' package installed in step 2 stays alongside -# sudo-rs as a safety net; remove it manually with `sudo pacman -Rns -# sudo` once you've verified `sudo --version` reports sudo-rs. cd "$DOTFILES_DIR" log 'running just init' just init +# 5b. remove the classic sudo package — base-devel's dependency is +# satisfied by the AssumeInstalled = sudo line written above. +if pacman -Qq sudo >/dev/null 2>&1 && pacman -Qq sudo-rs >/dev/null 2>&1; then + log 'removing classic sudo (sudo-rs takes over)' + sudo pacman -Rns --noconfirm sudo || warn 'failed to remove sudo; remove it manually later' +fi + # 6. refresh pacman mirrorlist once via reflector (config deployed by chezmoi) log 'refreshing pacman mirrorlist via reflector' sudo reflector @/etc/xdg/reflector/reflector.conf \ diff --git a/etc/pacman.conf b/etc/pacman.conf index f6e7e64..53b684a 100644 --- a/etc/pacman.conf +++ b/etc/pacman.conf @@ -16,6 +16,10 @@ #GPGDir = /etc/pacman.d/gnupg/ #HookDir = /etc/pacman.d/hooks/ HoldPkg = pacman glibc +# sudo-rs replaces sudo (memory-safe Rust rewrite). base-devel still +# lists sudo as a member, so pretend it's installed to keep pacman +# from pulling it in. See https://wiki.archlinux.org/title/Pacman#Skip_package_from_being_installed_to_system +AssumeInstalled = sudo=99.0 #XferCommand = /usr/bin/curl -L -C - -f -o %o %u #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u #CleanMethod = KeepInstalled diff --git a/run_onchange_after_deploy-etc.sh.tmpl b/run_onchange_after_deploy-etc.sh.tmpl index 9ba10d2..3fdb42b 100755 --- a/run_onchange_after_deploy-etc.sh.tmpl +++ b/run_onchange_after_deploy-etc.sh.tmpl @@ -7,21 +7,21 @@ set -eu cd "$CHEZMOI_SOURCE_DIR" find etc -type f ! -name .ignore | while IFS= read -r src; do - case "$src" in - *.tmpl) - dest="/${src%.tmpl}" - tmp=$(mktemp) - chezmoi execute-template <"$src" >"$tmp" - sudo install -D -m 0644 -o root -g root "$tmp" "$dest" - rm -f "$tmp" - ;; - etc/sudoers-rs) - sudo install -D -m 0440 -o root -g root "$src" "/${src}" - ;; - *) - sudo install -D -m 0644 -o root -g root "$src" "/${src}" - ;; - esac + case "$src" in + *.tmpl) + dest="/${src%.tmpl}" + tmp=$(mktemp) + chezmoi execute-template <"$src" >"$tmp" + sudo install -D -m 0644 -o root -g root "$tmp" "$dest" + rm -f "$tmp" + ;; + etc/sudoers-rs) + sudo install -D -m 0440 -o root -g root "$src" "/${src}" + ;; + *) + sudo install -D -m 0644 -o root -g root "$src" "/${src}" + ;; + esac done # sudo-rs: /etc/pam.d/sudo-i is a symlink to /etc/pam.d/sudo |