From e2faf4bc5021b7d5c181550241ed5a0ead3e0378 Mon Sep 17 00:00:00 2001
From: ndwarshuis
Date: Sat, 13 Mar 2021 16:57:45 -0500
Subject: [PATCH] ENH use custom home for makepkg builds
---
 dot_bin/executable_bootstrap_pkgs | 63 +++++++++++++++++++++----------
 run_once_install-packages.sh | 2 +-
 2 files changed, 44 insertions(+), 21 deletions(-)
diff --git a/dot_bin/executable_bootstrap_pkgs b/dot_bin/executable_bootstrap_pkgs
index fc7cc92..26a02e8 100644
--- a/dot_bin/executable_bootstrap_pkgs
+++ b/dot_bin/executable_bootstrap_pkgs
@@ -14,45 +14,45 @@
 ## 6. remove the temporary HOME for yay
 ## 7. remove the pacman sudo privilege for nobody
-PKGBUILD_dir="$HOME/.local/share/packages"
+PKGSRC_dir="$1"
+PKGBUILD_dir=/tmp/makepkg
 YAYTMP=/tmp/something
+NOBODY_SUDO="nobody ALL=(root) NOPASSWD: /usr/bin/pacman"
 NOBODY_SUDO_CONF=/etc/sudoers.d/10-nobody-pacman
 mk_nobody_perms() {
- echo "nobody ALL=(root) NOPASSWD: /usr/bin/pacman" > "$NOBODY_SUDO_CONF"
-}
-
-rm_nobody_perms() {
- rm "$NOBODY_SUDO_CONF"
+ echo "Giving user nobody permission to use pacman without password"
+ echo "$NOBODY_SUDO" > "$NOBODY_SUDO_CONF"
 }
 mk_yaytmp() {
+ echo "Creating temporary build directory for yay at $YAYTMP"
 mkdir "$YAYTMP"
 chown -R nobody:nobody "$YAYTMP"
- # chgrp nobody "$YAYTMP"
- # chmod g+ws "$YAYTMP"
- # setfacl -m u::rwx,g::rwx "$YAYTMP"
- # setfacl -d --set u::rwx,g::rwx,o::- "$YAYTMP"
 }
-rm_yaytmp() {
- rm -f "$YAYTMP"
-}
-
-call_makepkg() {
- cd "$PKGBUILD_dir/$1" || exit
- sudo -u nobody makepkg -s -r -i -f --noconfirm
+mk_makepkg_dir() {
+ echo "Creating temporary makepkg build directory at $PKGBUILD_dir"
+ mkdir -p "$PKGBUILD_dir"
+ cp -r "$PKGSRC_dir"/* "$PKGBUILD_dir"
+ chown -R nobody:nobody "$PKGBUILD_dir"
 }
 try_nobody_update() {
 ## Try updating pacman as the nobody user. If this fails then something
 ## went wrong when setting up sudo permissions for nobody
+ echo "Testing pacman permissions for user nobody. Trying to update cache."
 if ! sudo -u nobody -n sudo pacman -Syy; then
 echo "Failed to obtain pacman permissions for user nobody. Exiting."
- exit 1
+ return 1
 fi
 }
+call_makepkg() {
+ cd "$PKGBUILD_dir/$1" || return 1
+ sudo -u nobody makepkg -s -r -i -f --noconfirm
+}
+
 run_yay() {
 ## TODO add template switches to control which of these get installed based
 ## on my config
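Review bot: `PKGSRC_dir="$1"` is taken without any validation, and with an empty argument the `cp -r "$PKGSRC_dir"/* "$PKGBUILD_dir"` in `mk_makepkg_dir` expands to `/*`, so root would copy the whole filesystem into /tmp/makepkg and then `chown -R` the copies to nobody. The caller changed in this same patch (run_once_install-packages.sh) invokes `sudo "$HOME/.bin/bootstrap_pkgs"` with no argument, so this path looks reachable as written. I would fail early with `PKGSRC_dir="${1:?usage: bootstrap_pkgs PKGSRC_DIR}"` and a `[[ -d "$PKGSRC_dir" ]]` check before anything is created. Separately, `PKGBUILD_dir=/tmp/makepkg` is a fixed name in a world-writable directory and `mkdir -p` accepts a directory that already exists, so a script run as root ends up trusting whatever another local user placed there; `PKGBUILD_dir="$(mktemp -d)"` avoids that, and the pre-existing `YAYTMP=/tmp/something` has the same shape.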
@@ -103,6 +103,30 @@ run_makepkg() {
 call_makepkg "xkb-hypermode"
 }
+rm_makepkg_dir() {
+ echo "Removing temporary makepkg build directory at $PKGBUILD_dir"
+ rm -r "$PKGBUILD_dir"
+}
+
+rm_yaytmp() {
+ echo "Removing temporary build directory for yay at $YAYTMP"
+ rm -f "$YAYTMP"
+}
+
+rm_nobody_perms() {
+ echo "Removing user nobody's permission to use pacman without password"
+ rm -r -f "$NOBODY_SUDO_CONF"
+}
+
+clean_up() {
+ rm_yaytmp
+ rm_makepkg_dir
+ rm_nobody_perms
+ exit
+}
+
+trap 'clean_up' ERR EXIT
+
 if [[ ! "$(id -u)" = "0" ]]; then
 echo "This script must be run as root. Exiting"
 exit 1
@@ -113,8 +137,7 @@ try_nobody_update
 mk_yaytmp
 run_yay
-rm_yaytmp
+mk_makepkg_dir
 run_makepkg
-rm_nobody_perms
diff --git a/run_once_install-packages.sh b/run_once_install-packages.sh
index 6863307..1234c9e 100644
--- a/run_once_install-packages.sh
+++ b/run_once_install-packages.sh
@@ -4,7 +4,7 @@
 ## Configuration is assumed to be handled elsewhere (for now) eg in etckeeper
 ## or with ansible
-sudo bootstrap_pkgs
+sudo "$HOME/.bin/bootstrap_pkgs"
 # PKGBUILD_dir="$HOME/.local/share/packages"
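Review bot: `rm_yaytmp` in the `@@ -103,6 +103,30 @@` hunk of dot_bin/executable_bootstrap_pkgs calls `rm -f "$YAYTMP"` on a path that `mk_yaytmp` creates with `mkdir`, and `rm -f` without `-r` does not remove a directory, so the nobody-owned /tmp/something survives cleanup and the next run's `mkdir "$YAYTMP"` fails; `rm -rf -- "$YAYTMP"` would match the other helpers. In `clean_up` the sudoers drop-in is removed last; calling `rm_nobody_perms` first keeps the window in which nobody holds passwordless pacman as short as possible if an earlier removal stalls or is interrupted. The `trap 'clean_up' ERR EXIT` line is also installed before the `id -u` root check, so an unprivileged invocation still attempts all three removals; moving the trap below that check avoids it.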