[pacman-dev] [PATCH] makepkg: add PACMAN_AUTH configurable setting for sudo elevation

Mon Mar 22 03:14:52 UTC 2021

If specified, this will be used no matter what. If not, then we check if
sudo exists and use that, or else fall back on su.

Implements FS#32621

Signed-off-by: Eli Schwartz <eschwartz at archlinux.org>
---
 doc/makepkg.conf.5.asciidoc |  8 ++++++++
 etc/makepkg.conf.in         |  7 +++++++
 scripts/makepkg.sh.in       | 13 ++++++++++---
 3 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/doc/makepkg.conf.5.asciidoc b/doc/makepkg.conf.5.asciidoc
index 2c7a54dbf..398529158 100644
--- a/doc/makepkg.conf.5.asciidoc
+++ b/doc/makepkg.conf.5.asciidoc
@@ -278,6 +278,14 @@ Options
 	`.tar.lzo`, `.tar.lrz`, `.tar.lz4`, `.tar.lz` and `.tar.Z`, or
 	simply `.tar` to disable compression entirely.
 
+**PACMAN_AUTH=()**::
+	Specify a command prefix for running pacman as root. If unset, makepkg will
+	check for the presence of sudo(8) and su(1) in turn, and try the first one
+	it finds.
+	+
+	If present, `%q` will be replaced with the shell-quoted form of the command
+	to run. Otherwise, the command to run is appended to the auth command.
+
 
 
 See Also
diff --git a/etc/makepkg.conf.in b/etc/makepkg.conf.in
index 43a69df66..fff5b8eb2 100644
--- a/etc/makepkg.conf.in
+++ b/etc/makepkg.conf.in
@@ -147,3 +147,10 @@ COMPRESSLZ=(lzip -c -f)
 #
 PKGEXT='@PKGEXT@'
 SRCEXT='@SRCEXT@'
+
+#########################################################################
+# OTHER
+#########################################################################
+#
+#-- Command used to run pacman as root, instead of trying sudo and su
+PACMAN_AUTH=()
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index f4a2de7d4..a0cd1a4fb 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -225,15 +225,22 @@ missing_source_file() {
 }
 
 run_pacman() {
-	local cmd
+	local cmd cmdescape
 	if [[ $1 = -@(T|Q)*([[:alpha:]]) ]]; then
 		cmd=("$PACMAN_PATH" "$@")
 	else
 		cmd=("$PACMAN_PATH" "${PACMAN_OPTS[@]}" "$@")
-		if type -p sudo >/dev/null; then
+		cmdescape="$(printf '%q ' "${cmd[@]}")"
+		if (( ${#PACMAN_AUTH[@]} )); then
+			if in_array '%q' "${PACMAN_AUTH[@]}"; then
+				cmd=("${PACMAN_AUTH[@]/\%q/$cmdescape}")
+			else
+				cmd=("${PACMAN_AUTH[@]}" "${cmd[@]}")
+			fi
+		elif type -p sudo >/dev/null; then
 			cmd=(sudo "${cmd[@]}")
 		else
-			cmd=(su root -c "$(printf '%q ' "${cmd[@]}")")
+			cmd=(su root -c "$cmdescape")
 		fi
 		local lockfile="$(pacman-conf DBPath)/db.lck"
 		while [[ -f $lockfile ]]; do
-- 
2.31.0
