check sudo only when needed

c0e7d570 · Vitaly Lipatov · af2719ae · c0e7d570 · c0e7d570 · c0e7d570
Commit c0e7d570 authored Aug 28, 2021 by Vitaly Lipatov
13 changed files
--- a/bin/epm
+++ b/bin/epm
@@ -45,8 +45,6 @@ load_helper epm-sh-functions

 set_pm_type

-set_sudo
-
 check_tty

 #############################

--- a/bin/epm-addrepo
+++ b/bin/epm-addrepo
@@ -138,8 +138,8 @@ __epm_addkey_deb()
    local fingerprint="$2"
    if [ -z "$fingerprint" ] ; then
        assure_exists curl
-        showcmd "curl -fsSL '$url' | sudo apt-key add -"
-        a= curl -fsSL "$url" | $SUDO apt-key add -
+        showcmd "curl -fsSL '$url' | $SUDO apt-key add -"
+        a= curl -fsSL "$url" | sudorun apt-key add -
        return
    fi
    sudocmd apt-key adv --keyserver "$url" --recv "$fingerprint"
@@ -183,7 +183,7 @@ __epm_addrepo_deb()

 	# FIXME: quotes in showcmd/sudocmd
 	showcmd apt-add-repository "$repo"
-	$SUDO apt-add-repository "$repo"
+	sudorun apt-add-repository "$repo"
 	info "Check file /etc/apt/sources.list if needed"
 }


--- a/bin/epm-check_updated_repo
+++ b/bin/epm-check_updated_repo
@@ -22,7 +22,7 @@ __is_repo_info_downloaded()
    case $PMTYPE in
        apt-*)
            if [ -r /var/cache/apt ] ; then
-                $SUDO test -r /var/cache/apt/pkgcache.bin || return
+                sudorun test -r /var/cache/apt/pkgcache.bin || return
            fi
            ;;
        *)
@@ -38,7 +38,7 @@ __is_repo_info_uptodate()
            # apt-deb do not update lock file date
            #if $SUDO test -r /var/lib/apt/lists ; then
                local LOCKFILE=/var/lib/apt/lists
-                $SUDO test -r $LOCKFILE || return
+                sudorun test -r $LOCKFILE || return
                # if repo older than 1 day, return false
                # find print string if file is obsoleted
                test -z "$(find $LOCKFILE -maxdepth 0 -mtime +1)" || return
@@ -55,7 +55,7 @@ update_repo_if_needed()
    # check if we need skip update checking
    if [ "$1" = "soft" ] && [ -n "$SUDO" ] ; then
        # if sudo requires a password, skip autoupdate
-        sudo -n true 2>/dev/null || { info "sudo requires a password, skip repo status checking" ; return 0 ; }
+        sudorun -n true 2>/dev/null || { info "sudo requires a password, skip repo status checking" ; return 0 ; }
    fi

    cd / || fatal
@@ -72,7 +72,7 @@ update_repo_if_needed()
 save_installed_packages()
 {
 	[ -d /var/lib/rpm ] || return 0
-	estrlist list "$@" | $SUDO tee /var/lib/rpm/EPM-installed >/dev/null
+	estrlist list "$@" | sudorun tee /var/lib/rpm/EPM-installed >/dev/null
 }

 check_manually_installed()

--- a/bin/epm-dedup
+++ b/bin/epm-dedup
@@ -28,7 +28,7 @@ try_fix_apt_rpm_dupls()
 		sudocmd epm remove --auto $TESTPKG || return
 	fi
 	local PKGLIST
-	PKGLIST=$(LANG=C $SUDO apt-get install $TESTPKG 2>&1 | grep "W: There are multiple versions of" | \
+	PKGLIST=$(LANG=C sudorun apt-get install $TESTPKG 2>&1 | grep "W: There are multiple versions of" | \
 		sed -e 's|W: There are multiple versions of "\(.*\)" in your system.|\1|')
 	local TODEL
 	for i in $PKGLIST ; do

--- a/bin/epm-downgrade
+++ b/bin/epm-downgrade
@@ -22,7 +22,7 @@ load_helper epm-check_updated_repo
 __epm_add_alt_apt_downgrade_preferences()
 {
 	[ -r /etc/apt/preferences ] && fatal "/etc/apt/preferences already exists"
-	cat <<EOF | $SUDO tee /etc/apt/preferences
+	cat <<EOF | sudorun tee /etc/apt/preferences
 # main repo
 Package: *
 Pin: release c=classic
@@ -40,7 +40,7 @@ __epm_add_deb_apt_downgrade_preferences()
 {
 	[ -r /etc/apt/preferences ] && fatal "/etc/apt/preferences already exists"
 	info "Running with /etc/apt/preferences:"
-	cat <<EOF | $SUDO tee /etc/apt/preferences
+	cat <<EOF | sudorun tee /etc/apt/preferences
 Package: *
 Pin: release a=stable
 Pin-Priority: 1001

--- a/bin/epm-filelist
+++ b/bin/epm-filelist
@@ -61,7 +61,8 @@ __epm_filelist_remote()
 			;;
 		apt-dpkg)
 			assure_exists apt-file || return
-			if sudo -n true 2>/dev/null ; then
+			# TODO: improve me
+			if sudorun -n true 2>/dev/null ; then
 				sudocmd apt-file update
 			else
 				info "sudo requires a password, skip apt-file update"

--- a/bin/epm-install
+++ b/bin/epm-install
@@ -260,7 +260,7 @@ epm_ni_install_names()
 __epm_check_if_rpm_already_installed()
 {
 	# Not: we can make optimize if just check version?
-	LANG=C $SUDO rpm -Uvh $force $nodeps $@ 2>&1 | grep -q "is already installed"
+	LANG=C sudorun rpm -Uvh $force $nodeps $@ 2>&1 | grep -q "is already installed"
 }

 __handle_direct_install()

--- a/bin/epm-play
+++ b/bin/epm-play
@@ -24,7 +24,7 @@ __save_installed_app()
 {
 	[ -d "$epm_vardir" ] || return 0
 	__check_installed_app "$1" && return 0
-	echo "$1" | $SUDO tee -a $epm_vardir/installed-app >/dev/null
+	echo "$1" | sudorun tee -a $epm_vardir/installed-app >/dev/null
 }

 __remove_installed_app()
@@ -32,7 +32,7 @@ __remove_installed_app()
 	[ -d "$epm_vardir" ] || return 0
 	local i
 	for i in $* ; do
-		$SUDO sed -i "/^$i$/d" $epm_vardir/installed-app
+		sudorun sed -i "/^$i$/d" $epm_vardir/installed-app
 	done
 	return 0
 }

--- a/bin/epm-removerepo
+++ b/bin/epm-removerepo
@@ -30,7 +30,7 @@ __epm_removerepo_alt_grepremove()
 		if [ -n "$verbose" ] ; then
 			sudocmd apt-repo $dryrun rm "$rp"
 		else
-			$SUDO apt-repo $dryrun rm "$rp"
+			sudorun apt-repo $dryrun rm "$rp"
 		fi
 	done
 }
@@ -91,7 +91,9 @@ esac;
 case $PMTYPE in
 	apt-dpkg)
 		assure_exists apt-add-repository software-properties-common
+		# FIXME: it is possible there is troubles to pass the args
 		showcmd apt-add-repository --remove "$*"
+		set_sudo
 		$SUDO apt-add-repository --remove "$*"
 		info "Check file /etc/apt/sources.list if needed"
 		;;

--- a/bin/epm-sh-functions
+++ b/bin/epm-sh-functions
@@ -135,11 +135,19 @@ docmd_foreach()
 	done
 }

+# run command line with SUDO
+sudorun()
+{
+	set_sudo
+	[ -n "$SUDO" ] && $SUDO "$@" || "$@"
+}
+
 # Print command line and run command line with SUDO
 sudocmd()
 {
+	set_sudo
 	[ -n "$SUDO" ] && showcmd "$SUDO $*" || showcmd "$*"
-	$SUDO $@
+	sudorun "$@"
 }

 # Run every arg with sudocmd
@@ -281,8 +289,12 @@ info()
 	fi
 }

+SUDO_TESTED="0"
+SUDO_CMD="sudo"
 set_sudo()
 {
+	[ "$SUDO_TESTED" = "1" ] && return
+	SUDO_TESTED="1"
 	SUDO=""
 	# skip SUDO if disabled
 	[ -n "$EPMNOSUDO" ] && return
@@ -296,28 +308,28 @@ set_sudo()
 	# do not need sudo
 	[ $EFFUID = "0" ] && return

-	if ! which sudo >/dev/null 2>/dev/null ; then
-		SUDO="fatal 'Can't find sudo. Please install and tune sudo or run epm under root.'"
+	if ! which $SUDO_CMD >/dev/null 2>/dev/null ; then
+		SUDO="fatal 'Can't find sudo. Please install and tune sudo ('# epm install sudo') or run epm under root.'"
 		return
 	fi

 	# if input is a console
 	if inputisatty && isatty && isatty2 ; then
-		if ! sudo -l >/dev/null ; then
-			SUDO="fatal 'Can't use sudo (only without password sudo is supported). Please run epm under root.'"
+		if ! $SUDO_CMD -l >/dev/null ; then
+			SUDO="fatal 'Can't use sudo (only without password sudo is supported in non interactive using). Please run epm under root.'"
 			return
 		fi
 	else
 		# use sudo if one is tuned and tuned without password
-		if ! sudo -l -n >/dev/null 2>/dev/null ; then
+		if ! $SUDO_CMD -l -n >/dev/null 2>/dev/null ; then
 			SUDO="fatal 'Can't use sudo (only without password sudo is supported). Please run epm under root.'"
 			return
 		fi
 	fi

-	SUDO="sudo --"
+	SUDO="$SUDO_CMD --"
 	# check for < 1.7 version which do not support -- (and --help possible too)
-	sudo -h 2>/dev/null | grep -q "  --" || SUDO="sudo"
+	$SUDO_CMD -h 2>/dev/null | grep -q "  --" || SUDO="$SUDO_CMD"

 }

@@ -341,6 +353,7 @@ set_eatmydata()
 	[ -n "$EPMNOEATMYDATA" ] && return
 	# use if possible
 	which eatmydata >/dev/null 2>/dev/null || return
+	set_sudo
 	[ -n "$SUDO" ] && SUDO="$SUDO eatmydata" || SUDO="eatmydata"
 	[ -n "$verbose" ] && info "Uwaga! eatmydata is installed, we will use it for disable all sync operations."
 	return 0

--- a/bin/serv-status
+++ b/bin/serv-status
@@ -26,22 +26,22 @@ is_service_running()
 	case $SERVICETYPE in
 		service-chkconfig|service-upstart)
 			if is_anyservice $1 ; then
-				OUTPUT="$($SUDO anyservice $1 status 2>/dev/null)" || return 1
+				OUTPUT="$(sudorun anyservice $1 status 2>/dev/null)" || return 1
 				echo "$OUTPUT" | grep -q "is stopped" && return 1
 				return 0
 			fi
-			OUTPUT="$($SUDO service $1 status 2>/dev/null)" || return 1
+			OUTPUT="$(sudorun service $1 status 2>/dev/null)" || return 1
 			echo "$OUTPUT" | grep -q "is stopped" && return 1
 			return 0
 			;;
 		service-initd|service-update)
-			$SUDO $INITDIR/$1 status >/dev/null 2>/dev/null
+			sudorun $INITDIR/$1 status >/dev/null 2>/dev/null
 			;;
 		systemd)
-			$SUDO systemctl status $1 >/dev/null 2>/dev/null
+			sudorun systemctl status $1 >/dev/null 2>/dev/null
 			;;
 		runit)
-			$SUDO sv status "$SERVICE" >/dev/null 2>/dev/null
+			sudorun sv status "$SERVICE" >/dev/null 2>/dev/null
 			;;
 		*)
 			fatal "Have no suitable command for $SERVICETYPE"
@@ -62,13 +62,13 @@ is_service_autostart()
 			fi

 			# FIXME: check for current runlevel
-			LANG=C $SUDO chkconfig $1 --list | grep -q "[35]:on"
+			LANG=C sudorun chkconfig $1 --list | grep -q "[35]:on"
 			;;
 		service-initd|service-update)
                        test -L "$(echo /etc/rc5.d/S??$1)"
 			;;
 		systemd)
-			$SUDO systemctl is-enabled $1
+			sudorun systemctl is-enabled $1
 			;;
 		runit)
 			test -L "/var/service/$SERVICE"

--- a/bin/serv-usage
+++ b/bin/serv-usage
@@ -31,11 +31,11 @@ serv_usage()
 		service-chkconfig|service-upstart)
 			# CHECKME: many services print out usage in stderr, it conflicts with printout command
 			#sudocmd service $SERVICE 2>&1
-			$SUDO service $SERVICE 2>&1
+			sudorun service $SERVICE 2>&1
 			;;
 		service-initd|service-update)
 			#sudocmd /etc/init.d/$SERVICE 2>&1
-			$SUDO service $SERVICE 2>&1
+			sudorun service $SERVICE 2>&1
 			;;
 		systemd)
 			sudocmd systemctl $SERVICE 2>&1

--- a/check_eepm.log
+++ b/check_eepm.log
@@ -6,6 +6,5 @@ findutils
 grep
 less
 sed
-sudo
 termutils
 which