The following patches should enable doas support for privilege escalation in makepkg as well as document the absence thereof in binary verification. As doas gained a little traction over the last weeks and with its presence in the official repos it seems like a cheap, yet beneficial patch to the featureset of makepkg. It might not be an exhaustive patchset as I don't know all of makepkg's and libmakepkg's intricacies, but it has been tested by me and seems to work as expected. Nonetheless those patches should "point in the right direction".
From 10ffa30e21e94801c444704362342610e49034ab Mon Sep 17 00:00:00 2001 From: Erich Ericson <fakefakefans@gmail.com> Date: Sun, 21 Feb 2021 01:12:04 +0100 Subject: [PATCH] doas privilege escalation in makepkg
Signed-off-by: Erich Ericson <fakefakefans@gmail.com> --- scripts/makepkg.sh.in | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index b39433f3..47b3001d 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -232,6 +232,8 @@ run_pacman() { cmd=("$PACMAN_PATH" "${PACMAN_OPTS[@]}" "$@") if type -p sudo >/dev/null; then cmd=(sudo "${cmd[@]}") + elif type -p doas >/dev/null; then + cmd=(doas "${cmd[@]}") else cmd=(su root -c "$(printf '%q ' "${cmd[@]}")") fi -- 2.30.1
From 2a455f2adc1bc87ed6b1d23261c8f911a7cc066b Mon Sep 17 00:00:00 2001 From: Erich Ericson <fakefakefans@gmail.com> Date: Sun, 21 Feb 2021 17:35:26 +0100 Subject: [PATCH] add prompting support for doas binary
Signed-off-by: Erich Ericson <fakefakefans@gmail.com> --- scripts/libmakepkg/executable/sudo.sh.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/libmakepkg/executable/sudo.sh.in b/scripts/libmakepkg/executable/sudo.sh.in index 9e50a76b..4d701946 100644 --- a/scripts/libmakepkg/executable/sudo.sh.in +++ b/scripts/libmakepkg/executable/sudo.sh.in @@ -29,8 +29,8 @@ executable_functions+=('executable_sudo') executable_sudo() { if (( DEP_BIN || RMDEPS || INSTALL )); then - if ! type -p sudo >/dev/null; then - warning "$(gettext "Cannot find the %s binary. Will use %s to acquire root privileges.")" "sudo" "su" + if ! type -p sudo >/dev/null || ! type -p doas >/dev/null; then + warning "$(gettext "Cannot find neither the %s nor %s binary. Will use %s to acquire root privileges.")" "sudo" "doas" "su" fi fi } -- 2.30.1 Erich "DaErich" Ericson