From 3d263bdbb48e7616a12af26ef094e5a416f9a735 Mon Sep 17 00:00:00 2001
From: sommerfeld
Date: Wed, 13 May 2026 13:43:31 +0100
Subject: feat(privesc): migrate from opendoas to sudo-rs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

doas's one-shot password and absent 'sudo -v' kept wasting hour-long paru AUR
builds. sudo-rs is a memory-safe Rust rewrite (ISRG/Ferrous Systems), drop-in
CLI compatible, and the same one Ubuntu 25.10 ships as default. We follow the
Arch wiki 'Using sudo-rs without the sudo package' recipe verbatim — no custom
shims.

- meta/base.txt: -doas-sudo-shim +sudo-rs
- etc/sudoers-rs (mode 0440): wiki minimal config + NOPASSWD reboot/poweroff
- etc/pam.d/sudo: 4-line copy of upstream sudo's PAM file
- run_onchange_after_deploy-etc.sh.tmpl: use real sudo, deploy sudoers-rs at
  0440, create /etc/pam.d/sudo-i and /usr/local/bin/{sudo,sudoedit,su,visudo}
  → sudo-rs symlinks idempotently
- delete etc/doas.conf, dot_local/bin/{doasedit,sudo}
- zshrc: drop sudo=doas/sudoedit=doasedit aliases; rewrite ss/gimme/pacdiff/ssys
  to call sudo
- justfile: s/doas/sudo/g (status/diff/restore helpers)
- nvim: rename :DoasWrite → :SudoWrite (uses sudo -S)
- sway config: reboot/poweroff buttons call sudo
- bootstrap.sh: update step-5 comment
- README/KEYBINDS/copilot-instructions: flip the privesc convention

No Defaults overrides: sudo's defaults (passwd_tries=3, timestamp_timeout=5)
already fix the doas pain, and paru SudoLoop (kept) refreshes the 5-min window
via real sudo -v.
---
 dot_local/bin/executable_sudo | 59 -------------------------------------------
 1 file changed, 59 deletions(-)
 delete mode 100644 dot_local/bin/executable_sudo

(limited to 'dot_local/bin/executable_sudo')

diff --git a/dot_local/bin/executable_sudo b/dot_local/bin/executable_sudo
deleted file mode 100644
index b643f34..0000000
--- a/dot_local/bin/executable_sudo
+++ /dev/null
@@ -1,59 +0,0 @@ -#!/bin/sh -# sudo → doas shim that takes precedence over /usr/bin/sudo -# (provided by doas-sudo-shim) by living in $HOME/.local/bin. -# -# Why a custom shim: opendoas does not implement `sudo -v` (extend the -# auth timestamp without running a command). paru --sudoloop relies on -# that to keep credentials fresh during long AUR builds; without it, -# building gcc-git for an hour then mistyping the password at the install -# step throws the whole build away. We translate the handful of sudo -# flags paru / common scripts use into doas equivalents and swallow the -# rest. -# -# Translations: -# -v / --validate → doas true (refresh persist timestamp) -# -k / -K → doas -L (clear persist timestamp) -# -n → doas -n -# -E -H -i -S → silently dropped -# anything else → doas "$@" - -set -eu - -forward= -for arg; do - case $arg in - -v|--validate) - exec doas true - ;; - -k|-K) - exec doas -L - ;; - -h|--help) - exec doas -h - ;; - -n) - forward="$forward -n" - ;; - -E|-H|-i|-S|--preserve-env|--set-home|--login|--stdin) - # meaningless under doas; drop - ;; - --) - shift - # shellcheck disable=SC2086 - exec doas $forward "$@" - ;; - -*) - # unknown flag — pass through and let doas complain - forward="$forward $arg" - ;; - *) - # first non-flag: rest of argv is the command - # shellcheck disable=SC2086 - exec doas $forward "$@" - ;; - esac - shift -done - -# Only flags, no command — treat as `sudo -v` semantics. -exec doas true -- cgit v1.3.1
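Review bot: deleting the source file does not remove the shim from hosts where it has already been deployed, and the header of the deleted script says it deliberately lives in $HOME/.local/bin so that it "takes precedence over /usr/bin/sudo". A leftover copy there will therefore shadow the new /usr/local/bin/sudo symlink and keep running `exec doas ...` after this commit has dropped doas-sudo-shim from meta/base.txt and deleted etc/doas.conf, so every `sudo` call on such a host, including paru's SudoLoop `sudo -v`, fails instead of reaching sudo-rs. Pair the deletion with an explicit cleanup in the deploy step (remove `$HOME/.local/bin/sudo` and `$HOME/.local/bin/doasedit` when they are shell scripts that reference doas) or with the dotfile manager's removal mechanism, and consider a one-line check such as `command -v sudo` printing /usr/local/bin/sudo before declaring the migration done.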
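The rollout the commit message describes (sudoers-rs installed at 0440, /usr/local/bin symlinks created idempotently, and the old ~/.local/bin shim retired) as an added POSIX sh example. It is not the dotfiles' own run_onchange_after_deploy-etc.sh.tmpl and reproduces nothing from it. Assumptions, also marked in the comments: the binaries are /usr/bin/sudo-rs, /usr/bin/su-rs and /usr/bin/visudo-rs (Arch package naming, overridable through the environment); sudoedit is served by sudo-rs inspecting argv[0]; the visudo found on PATH accepts `-cf` to check a named file (classic sudo's does, sudo-rs's is assumed to); the sudoers fragment used when exercising the functions is constructed, not the commit's file; and a PREFIX argument lets the same functions run against a scratch directory instead of /. The PAM files are left out because their contents are not on the page.

```shell
#!/bin/sh
# Added example (not the dotfiles' deploy script): idempotent sudo-rs rollout
# in the shape the commit message describes. PREFIX is "/" on a real host and
# a scratch directory when exercising the logic without root.
set -eu

# Assumption: the sudo-rs package installs its binaries under these names.
SUDO_RS=${SUDO_RS:-/usr/bin/sudo-rs}
SU_RS=${SU_RS:-/usr/bin/su-rs}
VISUDO_RS=${VISUDO_RS:-/usr/bin/visudo-rs}

# validate_sudoers FILE: a sudoers that does not parse locks every admin out,
# so nothing goes live unless visudo accepts it. Assumption: visudo -cf means
# "check this file" for the visudo on PATH.
validate_sudoers() {
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$1" >/dev/null
    else
        echo "warning: no visudo on PATH, $1 goes in unchecked" >&2
    fi
}

# deploy_sudoers SRC DST: stage a 0440 copy (root-owned when we are root),
# validate the staged copy, then rename it into place. rename(2) is atomic,
# so a reader never sees a half-written or unvalidated sudoers.
deploy_sudoers() {
    tmp="$2.tmp.$$"
    if [ "$(id -u)" -eq 0 ]; then
        install -m 0440 -o root -g root "$1" "$tmp"
    else
        install -m 0440 "$1" "$tmp"
    fi
    if ! validate_sudoers "$tmp"; then
        rm -f "$tmp"
        echo "refusing to install $2: it does not parse" >&2
        return 1
    fi
    mv -f "$tmp" "$2"
}

# link_idempotent TARGET LINK: create the symlink, repoint it if it points
# elsewhere, do nothing if it is already right, and never replace a regular
# file: a real file at /usr/local/bin/sudo is something to inspect, not clobber.
link_idempotent() {
    target=$1 link=$2
    if [ -L "$link" ]; then
        [ "$(readlink "$link")" = "$target" ] && return 0
        rm -f "$link"
    elif [ -e "$link" ]; then
        echo "refusing: $link exists and is not a symlink" >&2
        return 1
    fi
    ln -s "$target" "$link"
}

# remove_stale_shim FILE: the deleted shim lived in ~/.local/bin, ahead of
# /usr/local/bin on PATH, so a leftover copy would keep calling doas. Only a
# script that mentions doas is removed; anything else is left alone.
remove_stale_shim() {
    [ -f "$1" ] || return 0
    if head -n 1 "$1" | grep -q '^#!' && grep -q doas "$1"; then
        rm -f "$1"
        echo "removed stale doas shim $1" >&2
    fi
}

# deploy_sudo_rs PREFIX SUDOERS_SRC HOME_DIR: the whole procedure. Re-running
# it is safe: the file is re-validated and reinstalled, links are checked,
# nothing else is touched.
deploy_sudo_rs() {
    prefix=$1 src=$2 home=$3
    mkdir -p "$prefix/etc" "$prefix/usr/local/bin"
    deploy_sudoers "$src" "$prefix/etc/sudoers-rs"
    # sudoedit is a second name for sudo-rs (assumption: it checks argv[0]).
    link_idempotent "$SUDO_RS"   "$prefix/usr/local/bin/sudo"
    link_idempotent "$SUDO_RS"   "$prefix/usr/local/bin/sudoedit"
    link_idempotent "$SU_RS"     "$prefix/usr/local/bin/su"
    link_idempotent "$VISUDO_RS" "$prefix/usr/local/bin/visudo"
    remove_stale_shim "$home/.local/bin/sudo"
    remove_stale_shim "$home/.local/bin/doasedit"
}

# sudoers_mode FILE: the permission string as ls prints it, for post-checks.
sudoers_mode() {
    ls -ld "$1" | cut -c1-10
}
```

Run as root with `deploy_sudo_rs / /path/to/sudoers-rs "$HOME"`; the staged-copy-then-rename order matters more than it looks, because `install` straight onto /etc/sudoers-rs would briefly expose a file that has not been checked, and a bad sudoers is the one configuration error you cannot `sudo` your way out of.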