[pacman-dev] [PATCH] doas makepkg support

22 Feb 2021

The following patches should enable doas support for privilege
escalation in makepkg as well as document the absence thereof in
binary verification. As doas gained a little traction over the last
weeks and with its presence in the official repos it seems like a
cheap, yet beneficial patch to the featureset of makepkg. It might not
be an exhaustive patchset as I don't know all of makepkg's and
libmakepkg's intricacies, but it has been tested by me and seems to
work as expected. Nonetheless those patches should "point in the right
direction".
...
From 10ffa30e21e94801c444704362342610e49034ab Mon Sep 17 00:00:00 2001
From: Erich Ericson 
Date: Sun, 21 Feb 2021 01:12:04 +0100
Subject: [PATCH] doas privilege escalation in makepkg
Signed-off-by: Erich Ericson 
---
 scripts/makepkg.sh.in | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index b39433f3..47b3001d 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -232,6 +232,8 @@ run_pacman() {
         cmd=("$PACMAN_PATH" "${PACMAN_OPTS[@]}" "$@")
         if type -p sudo >/dev/null; then
             cmd=(sudo "${cmd[@]}")
+       elif type -p doas >/dev/null; then
+           cmd=(doas "${cmd[@]}")
         else
             cmd=(su root -c "$(printf '%q ' "${cmd[@]}")")
         fi
-- 
2.30.1
...
From 2a455f2adc1bc87ed6b1d23261c8f911a7cc066b Mon Sep 17 00:00:00 2001
From: Erich Ericson 
Date: Sun, 21 Feb 2021 17:35:26 +0100
Subject: [PATCH] add prompting support for doas binary
Signed-off-by: Erich Ericson 
---
 scripts/libmakepkg/executable/sudo.sh.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/libmakepkg/executable/sudo.sh.in
b/scripts/libmakepkg/executable/sudo.sh.in
index 9e50a76b..4d701946 100644
--- a/scripts/libmakepkg/executable/sudo.sh.in
+++ b/scripts/libmakepkg/executable/sudo.sh.in
@@ -29,8 +29,8 @@ executable_functions+=('executable_sudo')

 executable_sudo() {
     if (( DEP_BIN || RMDEPS || INSTALL )); then
-        if ! type -p sudo >/dev/null; then
-            warning "$(gettext "Cannot find the %s binary. Will use
%s to acquire root privileges.")" "sudo" "su"
+        if ! type -p sudo >/dev/null || ! type -p doas >/dev/null; then
+            warning "$(gettext "Cannot find neither the %s nor %s
binary. Will use %s to acquire root privileges.")" "sudo" "doas" "su"
         fi
     fi
 }
-- 
2.30.1

Erich "DaErich" Ericson

    