[pacman-dev] doas makepkg support

Message ID CAAbMo8hMZSWbJ++OCwf_agzxWSq9HEzwE0ALAv1j1fx2pp-DwQ@mail.gmail.com
State New
Headers show
Series [pacman-dev] doas makepkg support | expand

Commit Message

Erich Ericson Feb. 22, 2021, 3:07 p.m. UTC
The following patches should enable doas support for privilege
escalation in makepkg as well as document the absence thereof in
binary verification. As doas gained a little traction over the last
weeks and with its presence in the official repos it seems like a
cheap, yet beneficial patch to the featureset of makepkg. It might not
be an exhaustive patchset as I don't know all of makepkg's and
libmakepkg's intricacies, but it has been tested by me and seems to
work as expected. Nonetheless those patches should "point in the right
direction".

From 10ffa30e21e94801c444704362342610e49034ab Mon Sep 17 00:00:00 2001
From: Erich Ericson <fakefakefans@gmail.com>
Date: Sun, 21 Feb 2021 01:12:04 +0100
Subject: [PATCH] doas privilege escalation in makepkg

Signed-off-by: Erich Ericson <fakefakefans@gmail.com>
---
 scripts/makepkg.sh.in | 2 ++
 1 file changed, 2 insertions(+)

     fi
 }

Comments

Emil Velikov Feb. 23, 2021, 3:03 p.m. UTC | #1
Hi Erich,

On Mon, 22 Feb 2021 at 15:08, Erich Ericson <fakefakefans@gmail.com> wrote:
>
> The following patches should enable doas support for privilege
> escalation in makepkg as well as document the absence thereof in
> binary verification. As doas gained a little traction over the last
> weeks and with its presence in the official repos it seems like a
> cheap, yet beneficial patch to the featureset of makepkg. It might not
> be an exhaustive patchset as I don't know all of makepkg's and
> libmakepkg's intricacies, but it has been tested by me and seems to
> work as expected. Nonetheless those patches should "point in the right
> direction".
>
Disclaimer: A casual pacman contributor, so take this with a grain of salt.

From pacman POV, diversity makes sense.

Although looking at it from Arch side of things, I see a few tidbits:
 - doas is relatively new - landed in 2019
 - community package, while pacman is core (and all it's other deps are core)
 - no wiki page

I don't see a patch which mentions doas in the makepkg manpage?
Perhaps we should add something... might even mention sudo/su while in
there ;-)

HTH
Emil
Allan McRae Feb. 24, 2021, 12:37 p.m. UTC | #2
On 23/2/21 1:07 am, Erich Ericson wrote:
> The following patches should enable doas support for privilege
> escalation in makepkg as well as document the absence thereof in
> binary verification. As doas gained a little traction over the last
> weeks and with its presence in the official repos it seems like a
> cheap, yet beneficial patch to the featureset of makepkg. It might not
> be an exhaustive patchset as I don't know all of makepkg's and
> libmakepkg's intricacies, but it has been tested by me and seems to
> work as expected. Nonetheless those patches should "point in the right
> direction".
> 

My understanding was that Eli has a patch in the works that allowed
configuring the command for privilege escalation in makepkg.conf.  This
is my preferred approach as it avoids adding the new hotness in the future.

Allan
Erich Ericson Feb. 26, 2021, 4:43 p.m. UTC | #3
Hi everyone,
first off, thanks for the constructive feedback on my proposal. I know
that opendoas is quite new in the field and, being an OpenBSD project,
is only documented in the manpages. Even the ArchWiki-Team seems to
only  link to OpenBSD for documentation matters. But with all the
rethinking of certain facilities, take iwd for wpa_supplicant, or
systemd-networkd for certain networkmanager-applications, I felt it
was a good idea to bring opendoas in scope as revamped "diet" sudo.
But taking in consideration that certain features seem to be not fully
shaped out yet, I see that it would have been too early including it
in a core-application.
Anyway if there is already a patch en route to softcode future
elevation techniques, that's even better than Hardcoding another bash
command into the script. I am looking forward to making good use of
that patch!

Cheers,
DaErich

Am Mi., 24. Feb. 2021 um 13:38 Uhr schrieb Allan McRae <allan@archlinux.org>:
>
> On 23/2/21 1:07 am, Erich Ericson wrote:
> > The following patches should enable doas support for privilege
> > escalation in makepkg as well as document the absence thereof in
> > binary verification. As doas gained a little traction over the last
> > weeks and with its presence in the official repos it seems like a
> > cheap, yet beneficial patch to the featureset of makepkg. It might not
> > be an exhaustive patchset as I don't know all of makepkg's and
> > libmakepkg's intricacies, but it has been tested by me and seems to
> > work as expected. Nonetheless those patches should "point in the right
> > direction".
> >
>
> My understanding was that Eli has a patch in the works that allowed
> configuring the command for privilege escalation in makepkg.conf.  This
> is my preferred approach as it avoids adding the new hotness in the future.
>
> Allan
Eli Schwartz Feb. 26, 2021, 7:17 p.m. UTC | #4
On 2/24/21 7:37 AM, Allan McRae wrote:
> On 23/2/21 1:07 am, Erich Ericson wrote:
>> The following patches should enable doas support for privilege
>> escalation in makepkg as well as document the absence thereof in
>> binary verification. As doas gained a little traction over the last
>> weeks and with its presence in the official repos it seems like a
>> cheap, yet beneficial patch to the featureset of makepkg. It might not
>> be an exhaustive patchset as I don't know all of makepkg's and
>> libmakepkg's intricacies, but it has been tested by me and seems to
>> work as expected. Nonetheless those patches should "point in the right
>> direction".
>>
> 
> My understanding was that Eli has a patch in the works that allowed
> configuring the command for privilege escalation in makepkg.conf.  This
> is my preferred approach as it avoids adding the new hotness in the future.

Yes, this is just https://bugs.archlinux.org/task/68985 which was
already rejected as overly specific.

I have WIP stuff, the general gist of which looks like this:

https://git.archlinux.org/users/eschwartz/pacman.git/log/?h=queue2&qt=grep&q=PACMAN_AUTH

It will prefer:

- PACMAN_AUTH=() in makepkg.conf, if defined
  (bring-your-own-auth, popular flavors of the day include doas, pkexec)
- hardcoded sudo, if installed
- hardcoded su

...

Yes, I should get off my butt, finish+document it, test it, submit it
etc. -- which will happen Soon™. Definitely before 6.0.0 final release.

Admittedly, I started this on 2019-11-26 and still didn't get around to
finishing it. But, given the opendoas fans are increasingly showing
interest in it, I've already determined that it's time to dust this off
and polish it up.

Patch

diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index b39433f3..47b3001d 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -232,6 +232,8 @@  run_pacman() {
         cmd=("$PACMAN_PATH" "${PACMAN_OPTS[@]}" "$@")
         if type -p sudo >/dev/null; then
             cmd=(sudo "${cmd[@]}")
+       elif type -p doas >/dev/null; then
+           cmd=(doas "${cmd[@]}")
         else
             cmd=(su root -c "$(printf '%q ' "${cmd[@]}")")
         fi
-- 
2.30.1

From 2a455f2adc1bc87ed6b1d23261c8f911a7cc066b Mon Sep 17 00:00:00 2001
From: Erich Ericson <fakefakefans@gmail.com>
Date: Sun, 21 Feb 2021 17:35:26 +0100
Subject: [PATCH] add prompting support for doas binary

Signed-off-by: Erich Ericson <fakefakefans@gmail.com>
---
 scripts/libmakepkg/executable/sudo.sh.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/libmakepkg/executable/sudo.sh.in
b/scripts/libmakepkg/executable/sudo.sh.in
index 9e50a76b..4d701946 100644
--- a/scripts/libmakepkg/executable/sudo.sh.in
+++ b/scripts/libmakepkg/executable/sudo.sh.in
@@ -29,8 +29,8 @@  executable_functions+=('executable_sudo')

 executable_sudo() {
     if (( DEP_BIN || RMDEPS || INSTALL )); then
-        if ! type -p sudo >/dev/null; then
-            warning "$(gettext "Cannot find the %s binary. Will use
%s to acquire root privileges.")" "sudo" "su"
+        if ! type -p sudo >/dev/null || ! type -p doas >/dev/null; then
+            warning "$(gettext "Cannot find neither the %s nor %s
binary. Will use %s to acquire root privileges.")" "sudo" "doas" "su"
         fi