1 files changed, 59 insertions, 0 deletions

diff --git a/dot_local/bin/executable_sudo b/dot_local/bin/executable_sudo
new file mode 100644
index 0000000..b643f34
--- /dev/null
+++ b/dot_local/bin/executable_sudo
@@ -0,0 +1,59 @@
+#!/bin/sh
+# sudo → doas shim that takes precedence over /usr/bin/sudo
+# (provided by doas-sudo-shim) by living in $HOME/.local/bin.
+#
+# Why a custom shim: opendoas does not implement `sudo -v` (extend the
+# auth timestamp without running a command). paru --sudoloop relies on
+# that to keep credentials fresh during long AUR builds; without it,
+# building gcc-git for an hour then mistyping the password at the install
+# step throws the whole build away. We translate the handful of sudo
+# flags paru / common scripts use into doas equivalents and swallow the
+# rest.
+#
+# Translations:
+#   -v / --validate     → doas true   (refresh persist timestamp)
+#   -k / -K             → doas -L     (clear persist timestamp)
+#   -n                  → doas -n
+#   -E -H -i -S         → silently dropped
+#   anything else       → doas "$@"
+
+set -eu
+
+forward=
+for arg; do
+	case $arg in
+		-v|--validate)
+			exec doas true
+			;;
+		-k|-K)
+			exec doas -L
+			;;
+		-h|--help)
+			exec doas -h
+			;;
+		-n)
+			forward="$forward -n"
+			;;
+		-E|-H|-i|-S|--preserve-env|--set-home|--login|--stdin)
+			# meaningless under doas; drop
+			;;
+		--)
+			shift
+			# shellcheck disable=SC2086
+			exec doas $forward "$@"
+			;;
+		-*)
+			# unknown flag — pass through and let doas complain
+			forward="$forward $arg"
+			;;
+		*)
+			# first non-flag: rest of argv is the command
+			# shellcheck disable=SC2086
+			exec doas $forward "$@"
+			;;
+	esac
+	shift
+done
+
+# Only flags, no command — treat as `sudo -v` semantics.
+exec doas true