From eeb3752074edcb110cd3709689e818b57fd2d2fd Mon Sep 17 00:00:00 2001 From: sommerfeld Date: Wed, 13 May 2026 13:43:31 +0100 Subject: feat(privesc): drop classic sudo via AssumeInstalled base-devel hard-depends on the sudo package, so without help, pacman refuses to remove it. The Arch-native fix is pacman.conf's AssumeInstalled directive: tell pacman to pretend a virtual sudo=99.0 is installed and base-devel's dep is satisfied without actually pulling sudo in. - etc/pacman.conf: AssumeInstalled = sudo=99.0 - bootstrap.sh: after 'just init' (which writes the AssumeInstalled line and installs sudo-rs), Rns the leftover sudo package so a fresh install ends up with sudo-rs only. Also reformat bootstrap.sh and the etc deploy script with the project's shfmt style (-i 2 -ci -s).
---
run_onchange_after_deploy-etc.sh.tmpl | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) (limited to 'run_onchange_after_deploy-etc.sh.tmpl')
diff --git a/run_onchange_after_deploy-etc.sh.tmpl b/run_onchange_after_deploy-etc.sh.tmpl
index 9ba10d2..3fdb42b 100755
--- a/run_onchange_after_deploy-etc.sh.tmpl
+++ b/run_onchange_after_deploy-etc.sh.tmpl 
@@ -7,21 +7,21 @@ set -eu cd "$CHEZMOI_SOURCE_DIR" find etc -type f ! -name .ignore | while IFS= read -r src; do - case "$src" in - *.tmpl) - dest="/${src%.tmpl}" - tmp=$(mktemp) - chezmoi execute-template <"$src" >"$tmp" - sudo install -D -m 0644 -o root -g root "$tmp" "$dest" - rm -f "$tmp" - ;; - etc/sudoers-rs) - sudo install -D -m 0440 -o root -g root "$src" "/${src}" - ;; - *) - sudo install -D -m 0644 -o root -g root "$src" "/${src}" - ;; - esac + case "$src" in + *.tmpl) + dest="/${src%.tmpl}" + tmp=$(mktemp) + chezmoi execute-template <"$src" >"$tmp" + sudo install -D -m 0644 -o root -g root "$tmp" "$dest" + rm -f "$tmp" + ;; + etc/sudoers-rs) + sudo install -D -m 0440 -o root -g root "$src" "/${src}" + ;; + *) + sudo install -D -m 0644 -o root -g root "$src" "/${src}" + ;; + esac done # sudo-rs: /etc/pam.d/sudo-i is a symlink to /etc/pam.d/sudo -- cgit v1.3.1