Github messages for voidlinux
 help / color / mirror / Atom feed
* [ISSUE] Automatically detect `XBPS_SUCMD` if not set
@ 2022-07-14 21:32 paper42
  2022-10-13  2:15 ` github-actions
                   ` (8 more replies)
  0 siblings, 9 replies; 10+ messages in thread
From: paper42 @ 2022-07-14 21:32 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 357 bytes --]

New issue by paper42 on void-packages repository

https://github.com/void-linux/void-packages/issues/38075

Description:
`XBPS_SUCMD` is used for example for build updates with `update-sys`. Currently it's set to `sudo sh -c` in etc/defaults.conf, but we could comment it out and automatically detect common privilege escalation tools - sudo, doas, su (?).

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Automatically detect `XBPS_SUCMD` if not set
  2022-07-14 21:32 [ISSUE] Automatically detect `XBPS_SUCMD` if not set paper42
@ 2022-10-13  2:15 ` github-actions
  2023-01-12  2:28 ` github-actions
                   ` (7 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: github-actions @ 2022-10-13  2:15 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 293 bytes --]

New comment by github-actions[bot] on void-packages repository

https://github.com/void-linux/void-packages/issues/38075#issuecomment-1276935483

Comment:
Issues become stale 90 days after last activity and are closed 14 days after that.  If this issue is still relevant bump it or assign it.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Automatically detect `XBPS_SUCMD` if not set
  2022-07-14 21:32 [ISSUE] Automatically detect `XBPS_SUCMD` if not set paper42
  2022-10-13  2:15 ` github-actions
@ 2023-01-12  2:28 ` github-actions
  2023-05-16 15:19 ` Clos3y
                   ` (6 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: github-actions @ 2023-01-12  2:28 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 293 bytes --]

New comment by github-actions[bot] on void-packages repository

https://github.com/void-linux/void-packages/issues/38075#issuecomment-1379733191

Comment:
Issues become stale 90 days after last activity and are closed 14 days after that.  If this issue is still relevant bump it or assign it.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Automatically detect `XBPS_SUCMD` if not set
  2022-07-14 21:32 [ISSUE] Automatically detect `XBPS_SUCMD` if not set paper42
  2022-10-13  2:15 ` github-actions
  2023-01-12  2:28 ` github-actions
@ 2023-05-16 15:19 ` Clos3y
  2023-05-16 16:24 ` classabbyamp
                   ` (5 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: Clos3y @ 2023-05-16 15:19 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 533 bytes --]

New comment by Clos3y on void-packages repository

https://github.com/void-linux/void-packages/issues/38075#issuecomment-1549881429

Comment:
I'd love to see this implemented! Would something as naive as
```
SUCMDS=( su sudo doas )

for prog in "${SUCMDS[@]}"
do
[[ $(command -v $prog) ]] && export XBPS_SUCMD="$prog sh -c"
done
```
work? I don't know what other privilege escalation tools people use, but at least with these three, you can be mostly assured that if someone has `doas` installed, they're probably using it.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Automatically detect `XBPS_SUCMD` if not set
  2022-07-14 21:32 [ISSUE] Automatically detect `XBPS_SUCMD` if not set paper42
                   ` (2 preceding siblings ...)
  2023-05-16 15:19 ` Clos3y
@ 2023-05-16 16:24 ` classabbyamp
  2023-05-16 20:55 ` Clos3y
                   ` (4 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: classabbyamp @ 2023-05-16 16:24 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 249 bytes --]

New comment by classabbyamp on void-packages repository

https://github.com/void-linux/void-packages/issues/38075#issuecomment-1549989541

Comment:
you need to check if there's a matching rule for sudo/doas too, see what xtools does for some things

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Automatically detect `XBPS_SUCMD` if not set
  2022-07-14 21:32 [ISSUE] Automatically detect `XBPS_SUCMD` if not set paper42
                   ` (3 preceding siblings ...)
  2023-05-16 16:24 ` classabbyamp
@ 2023-05-16 20:55 ` Clos3y
  2023-05-16 22:07 ` Duncaen
                   ` (3 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: Clos3y @ 2023-05-16 20:55 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 739 bytes --]

New comment by Clos3y on void-packages repository

https://github.com/void-linux/void-packages/issues/38075#issuecomment-1550349494

Comment:
> you need to check if there's a matching rule for sudo/doas too, see what xtools does for some things

Taking this from `xi`
```
which_sudo() {
	if [ "$(id -u)" = "0" ]; then
		return
	elif command -v sudo >/dev/null && sudo -l | grep -q -e ' ALL$' -e xbps-install; then
		echo sudo
	elif command -v doas >/dev/null && [ -f /etc/doas.conf ]; then
		echo doas
	else
		echo su
	fi
}
```
putting it into the header of `xbps-src`, and changing `xbps-src:1003` to `XBPS_SUCMD="$(which_sudo) sh -c" bulk_update` works. Seems to be the only place `XBPS_SUCMD` is used too at the moment.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Automatically detect `XBPS_SUCMD` if not set
  2022-07-14 21:32 [ISSUE] Automatically detect `XBPS_SUCMD` if not set paper42
                   ` (4 preceding siblings ...)
  2023-05-16 20:55 ` Clos3y
@ 2023-05-16 22:07 ` Duncaen
  2023-05-16 22:09 ` Duncaen
                   ` (2 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: Duncaen @ 2023-05-16 22:07 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 440 bytes --]

New comment by Duncaen on void-packages repository

https://github.com/void-linux/void-packages/issues/38075#issuecomment-1550417905

Comment:
please don't put this anywhere where it will be executed each xbps-src invocation. There are tools that execute xbps-src in a loop on many packages to gather dependencies and each fork is expensive, this function would add a bunch of forks for something that is only required for one sub command.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Automatically detect `XBPS_SUCMD` if not set
  2022-07-14 21:32 [ISSUE] Automatically detect `XBPS_SUCMD` if not set paper42
                   ` (5 preceding siblings ...)
  2023-05-16 22:07 ` Duncaen
@ 2023-05-16 22:09 ` Duncaen
  2023-05-17  8:07 ` Clos3y
  2023-05-17 21:18 ` Clos3y
  8 siblings, 0 replies; 10+ messages in thread
From: Duncaen @ 2023-05-16 22:09 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 656 bytes --]

New comment by Duncaen on void-packages repository

https://github.com/void-linux/void-packages/issues/38075#issuecomment-1550417905

Comment:
please don't put this anywhere where it will be executed each xbps-src invocation. There are tools that execute xbps-src in a loop on many packages to gather dependencies and each fork is expensive, this function would add a bunch of forks for something that is only required for one sub command.

Edit: I guess putting it on line 1003 would be fine. Generally I would prefer less magic or a way to disable this magic and put it where its required i.e. the bulk.sh file instead of adding it to the main script.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Automatically detect `XBPS_SUCMD` if not set
  2022-07-14 21:32 [ISSUE] Automatically detect `XBPS_SUCMD` if not set paper42
                   ` (6 preceding siblings ...)
  2023-05-16 22:09 ` Duncaen
@ 2023-05-17  8:07 ` Clos3y
  2023-05-17 21:18 ` Clos3y
  8 siblings, 0 replies; 10+ messages in thread
From: Clos3y @ 2023-05-17  8:07 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 865 bytes --]

New comment by Clos3y on void-packages repository

https://github.com/void-linux/void-packages/issues/38075#issuecomment-1550349494

Comment:
> you need to check if there's a matching rule for sudo/doas too, see what xtools does for some things

Taking this from `xi`
```
which_sudo() {
	if [ "$(id -u)" = "0" ]; then
		return
	elif command -v sudo >/dev/null && sudo -l | grep -q -e ' ALL$' -e xbps-install; then
		echo sudo
	elif command -v doas >/dev/null && [ -f /etc/doas.conf ]; then
		echo doas
	else
		echo su
	fi
}
```
putting it into the header of `xbps-src`, and changing `xbps-src:1003` to `XBPS_SUCMD="$(which_sudo) sh -c" bulk_update` works. Seems to be the only place `XBPS_SUCMD` is used too at the moment.

**EDIT**: forgot that `su` would need to be treated differently, so it should probably be `echo su root -c` not `echo su`.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Automatically detect `XBPS_SUCMD` if not set
  2022-07-14 21:32 [ISSUE] Automatically detect `XBPS_SUCMD` if not set paper42
                   ` (7 preceding siblings ...)
  2023-05-17  8:07 ` Clos3y
@ 2023-05-17 21:18 ` Clos3y
  8 siblings, 0 replies; 10+ messages in thread
From: Clos3y @ 2023-05-17 21:18 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 444 bytes --]

New comment by Clos3y on void-packages repository

https://github.com/void-linux/void-packages/issues/38075#issuecomment-1552100550

Comment:
> Generally I would prefer less magic or a way to disable this magic

What do you mean by less 'magic', sorry? As in fewer scripts trying to be clever?

> put it where its required i.e. the bulk.sh file instead of adding it to the main script.

Yeah that makes sense. It works fine in `bulk.sh`.

^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2023-05-17 21:18 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-07-14 21:32 [ISSUE] Automatically detect `XBPS_SUCMD` if not set paper42
2022-10-13  2:15 ` github-actions
2023-01-12  2:28 ` github-actions
2023-05-16 15:19 ` Clos3y
2023-05-16 16:24 ` classabbyamp
2023-05-16 20:55 ` Clos3y
2023-05-16 22:07 ` Duncaen
2023-05-16 22:09 ` Duncaen
2023-05-17  8:07 ` Clos3y
2023-05-17 21:18 ` Clos3y

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).