
Use only one authentication for sudo for install.sh

Open b4shful opened this issue 1 year ago • 21 comments

  • I have read the Usage and Troubleshooting pages of the wiki: https://end-4.github.io/dots-hyprland-wiki/en/i-i/03troubleshooting/
  • I have made sure that both my config and system packages are up to date
  • Linux distro: Arch Linux

The issue

I ran the install script to update stuff today, and I'm being prompted for a password for every single metapackage, like:

==> WARNING: A package has already been built, installing existing package...
==> Installing package illogical-impulse-audio with pacman -U...
[sudo] password for joel: 

I'm not sure if it's something I did or not. I did recently edit my /etc/makepkg.conf to set BUILDDIR=/tmp/makepkg as per https://wiki.archlinux.org/title/Makepkg#Building_from_files_in_memory

Not entirely sure if that affects anything. A full log of one metapackage install is below, but the warning and password prompt are repeated for every single one.

Logs
[./install.sh]: Next command:
install-local-pkgbuild ./arch-packages/illogical-impulse-audio --needed
Execute? 
  y = Yes
  e = Exit now
  s = Skip this command (NOT recommended - your setup might not work correctly)
  yesforall = Yes and don't ask again; NOT recommended unless you really sure
====> y
OK, executing...
~/.cache/dots-hyprland/arch-packages/illogical-impulse-audio ~/.cache/dots-hyprland
[./install.sh]: Command "pushd ./arch-packages/illogical-impulse-audio" finished.
Sync Dependency (5): swww-0.9.5-2, pavucontrol-1:6.1-1, wireplumber-0.5.6-1, libdbusmenu-gtk3-16.04.0.r498-2, playerctl-2.4.1-4
warning: playerctl-2.4.1-4 is up to date -- skipping
warning: swww-0.9.5-2 is up to date -- skipping
warning: pavucontrol-1:6.1-1 is up to date -- skipping
warning: wireplumber-0.5.6-1 is up to date -- skipping
warning: libdbusmenu-gtk3-16.04.0.r498-2 is up to date -- skipping
 there is nothing to do
[./install.sh]: Command "yay -S --needed --asdeps pavucontrol wireplumber libdbusmenu-gtk3 playerctl swww" finished.
==> WARNING: A package has already been built, installing existing package...
==> Installing package illogical-impulse-audio with pacman -U...
[sudo] password for joel: 

b4shful avatar Sep 19 '24 17:09 b4shful

Maybe relevant? https://archlinux.org/news/manual-intervention-for-pacman-700-and-local-repositories-required/

I am unfamiliar with local repositories and such, so once again I must say I am... unsure

b4shful avatar Sep 19 '24 18:09 b4shful

Someone else reporting the same issue - and I notice I forgot to add here that I had also updated to pacman 7.0

Which makes it seem more likely that it wasn't related to my BUILDDIR change, but potentially related to changes surrounding pacman 7

b4shful avatar Oct 15 '24 04:10 b4shful

My issue (#853) seems identical. Removing the directory and reinstalling from the network setup does not resolve it. Figured it might have been initialised with the wrong user permissions since it was created before pacman 7.0

Wafflewithketchup avatar Oct 15 '24 09:10 Wafflewithketchup

Experienced the same. Would love to not repeat my same password 20 times. Otherwise not critical.

Delta0001 avatar Oct 28 '24 05:10 Delta0001

If someone has any free time, you could try seeing if the fix outlined here (https://archlinux.org/news/manual-intervention-for-pacman-700-and-local-repositories-required/) is relevant to this issue. I don't know how the metapackages work, so I can't even tell if this is relevant, but if it fixes it then I guess it was?

b4shful avatar Oct 28 '24 07:10 b4shful

I've tried changing the ownership of the ~/EndDots-hyprland/arch-packages/ to alpm, but that didn't help any.

Wafflewithketchup avatar Oct 28 '24 09:10 Wafflewithketchup

Yeah, I tried that too, I have no idea what's going on. @end-4 any ideas? (also @clsty , although not sure if they are currently active or not)

b4shful avatar Oct 28 '24 12:10 b4shful

So, the problem here is that pacman is executed under sudo, which requires a password.

The complete solution, I think, is to require the password once before the whole script, store it temporarily, and enter it automatically for every sudo. But this might be dangerous if not handled well enough; also, I don't have experience with that, nor do I have the time and energy to try. See https://stackoverflow.com/a/36603412 and https://bbs.archlinux.org/viewtopic.php?id=249369 if someone is interested.

Here is a workaround (sacrificing security in exchange for convenience): just configure sudo to not require any password for the command. I guess the following should work (NOT TESTED; maybe remove -U or add ,/usr/bin/makepkg if it does not work): Run visudo (which basically edits /etc/sudoers, but more safely) and add the following (assuming your user is in the group wheel):

%wheel ALL=(ALL) NOPASSWD: /usr/bin/pacman -U

See https://wiki.archlinux.org/title/Sudo#Example_entries for more.

clsty avatar Oct 29 '24 01:10 clsty
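
Added example, not part of the comment above or of the project's code: sudoers matches arguments listed after a command exactly, so a rule ending in `pacman -U` covers only that bare invocation, while a bare path or a `*` wildcard lets the caller choose the package file that gets installed as root. The check below classifies NOPASSWD pacman rules accordingly; the sample sudoers text and both function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sudoers content for the demonstration (not from a real host).
sample_sudoers() {
  cat <<'EOF'
# constructed sample drop-in
%wheel ALL=(ALL) NOPASSWD: /usr/bin/pacman -U
%wheel ALL=(ALL) NOPASSWD: /usr/bin/pacman -U *
builder ALL=(root) NOPASSWD: /usr/bin/systemctl restart sshd, /usr/bin/pacman
%wheel ALL=(ALL:ALL) ALL
EOF
}

# Read sudoers text on stdin and print "LINE<TAB>SCOPE<TAB>COMMAND" for every
# NOPASSWD pacman entry. SCOPE is "exact-args" when the rule pins the full
# argument list, "any-args" when the caller controls the arguments.
audit_nopasswd_pacman() {
  awk '
    /^[ \t]*#/ || !/NOPASSWD:/ { next }
    {
      spec = $0
      sub(/^.*NOPASSWD:[ \t]*/, "", spec)
      n = split(spec, cmds, /[ \t]*,[ \t]*/)
      for (i = 1; i <= n; i++) {
        cmd = cmds[i]
        sub(/[ \t]+$/, "", cmd)
        if (cmd !~ /^\/usr\/bin\/pacman([ \t]|$)/) continue
        # A bare path allows any arguments; a wildcard matches any package file.
        scope = (cmd ~ /\*/ || cmd !~ /[ \t]/) ? "any-args" : "exact-args"
        printf "%d\t%s\t%s\n", NR, scope, cmd
      }
    }'
}

# Stand-alone run: sample_sudoers | audit_nopasswd_pacman
```

An `any-args` result on a group-wide rule means every member of that group can install an arbitrary package as root without authenticating.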

@clsty The strange thing is, it was working previously. Makes me wonder, what has actually changed to cause this to no longer work the way it used to?

b4shful avatar Nov 01 '24 09:11 b4shful

@clsty The strange thing is, it was working previously. Makes me wonder, what has actually changed to cause this to no longer work the way it used to?

I don't know. I guess that it's because sudo asks for your password only once during a specific length of time and asks again after that period, and for some reason this period was exceeded for some sudo during execution of the script.

clsty avatar Nov 03 '24 07:11 clsty

No, it's not to do with time, my timeout is 5 minutes, and the install script will ask the pw twice in 10 seconds


Wafflewithketchup avatar Nov 03 '24 11:11 Wafflewithketchup

I am not sure if it will work, but I think the issue is that each yay process tries to get sudo access separately, and it resets every time, since it is technically a separate session for each thing. What theoretically can be done is to keep an open background task that will execute empty sudo commands from time to time, which will keep the sudo privilege alive for the main process.

sudo -v
while true; do sudo -n true; sleep 60; kill -0 "$$" || exit; done 2>/dev/null &

You can try putting it right under prevent_sudo_or_root line, but I don't want to reinstall again just to test my theory.

@clsty

katulevskiy avatar Jun 11 '25 10:06 katulevskiy

No, it's not to do with time, my timeout is 5 minutes, and the install script will ask the pw twice in 10 seconds

According to this one, I do not think the background empty sudo running will work. @katulevskiy

clsty avatar Jun 11 '25 13:06 clsty

With yay you can use the argument --sudoloop --save to keep the credentials going if same session.

NonaSuomy avatar Oct 12 '25 14:10 NonaSuomy

If we are using Nix to install deps, it does not even need sudo XD

With yay you can use the argument --save to keep the credentials going if same session.

Thanks, I'll check it out.

Update: in yay man | Linux Command Library:

--save

Causes the following options to be saved back to the config file. This provides an easy way to change config options without directly editing the file.

@NonaSuomy I don't think it behaves as a sudo keeper.

clsty avatar Oct 12 '25 15:10 clsty

However I did find out a sudoloop argument:

--sudoloop

Loop sudo calls in the background to prevent sudo from timing out during long builds.

This one should be useful.

clsty avatar Oct 12 '25 15:10 clsty

Sorry I forgot --sudoloop --save

NonaSuomy avatar Oct 12 '25 15:10 NonaSuomy

Sorry I forgot --sudoloop --save

--save will write the yay config, which we do not intend to do, and according to the man page it only writes the config without doing anything about keeping the sudo credential or something, so it's no use for our case at all.

clsty avatar Oct 12 '25 15:10 clsty

You could maybe do something like this as well for other things

while true; do sudo -v; sleep 60; done &
somemanager install package-name
kill %1 

NonaSuomy avatar Oct 12 '25 15:10 NonaSuomy
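
Added example, not code from the thread or the project: the two keepalive loops posted above, wrapped so the background refresher never prompts, stops with the installer, and the cached credential is revoked afterwards with `sudo -k`. It only addresses timestamp expiry, not the re-prompt within seconds reported earlier; `SUDO`, `KEEPALIVE_INTERVAL` and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# SUDO is overridable so the logic can be exercised with a stub command.
SUDO="${SUDO:-sudo}"
KEEPALIVE_INTERVAL="${KEEPALIVE_INTERVAL:-60}"
KEEPALIVE_PID=""

start_sudo_keepalive() {
  # The only interactive prompt; give up early if authentication fails.
  "$SUDO" -v || return 1
  local parent=$$
  (
    # Stop as soon as the installer shell is gone, so an aborted run does
    # not leave a process refreshing root credentials indefinitely.
    while kill -0 "$parent" 2>/dev/null; do
      sleep "$KEEPALIVE_INTERVAL"
      # -n never prompts: if the timestamp is already invalid, exit
      # instead of blocking on a password prompt nobody can see.
      "$SUDO" -n -v 2>/dev/null || exit 0
    done
  ) &
  KEEPALIVE_PID=$!
}

stop_sudo_keepalive() {
  if [ -n "$KEEPALIVE_PID" ]; then
    kill "$KEEPALIVE_PID" 2>/dev/null
    wait "$KEEPALIVE_PID" 2>/dev/null
    KEEPALIVE_PID=""
  fi
  # Invalidate the cached credential so later commands must re-authenticate.
  "$SUDO" -k
}

# Run "$@" with one up-front authentication and return its exit status.
run_with_single_auth() {
  start_sudo_keepalive || return 1
  "$@"
  local rc=$?
  stop_sudo_keepalive
  return "$rc"
}
```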

may have to figure out more with that... I tried adding it to install-deps.sh

[./install.sh]: Command "yay -S --sudoloop --save --needed --noconfirm --asdeps axel bc coreutils cliphist cmake curl rsync wget ripgrep jq meson xdg-user-dirs" finished.
==> WARNING: A package has already been built, installing existing package...
==> Installing package illogical-impulse-basic with pacman -U...
[sudo] password for nonasuomy:

It still asked for the password the second time...

NonaSuomy avatar Oct 12 '25 15:10 NonaSuomy

This worked...

dist-arch/install-deps.sh

# This script is meant to be sourced.
# It's not for directly running.

install-yay(){
  x sudo pacman -S --needed --noconfirm base-devel
  x git clone https://aur.archlinux.org/yay-bin.git /tmp/buildyay
  x cd /tmp/buildyay
  x makepkg -o
  x makepkg -se
  x makepkg -i --noconfirm
  x cd $base
  rm -rf /tmp/buildyay
}

# NOTE: `handle-deprecated-dependencies` was for the old days when we just switch from dependencies.conf to local PKGBUILDs.
# However, let's just keep it as references for other distros writing their `dist-<DISTRO_ID>/install-deps.sh`, if they need it.
handle-deprecated-dependencies(){
  printf "${STY_CYAN}[$0]: Removing deprecated dependencies:${STY_RESET}\n"
  for i in illogical-impulse-{microtex,pymyc-aur,ags,agsv1} {hyprutils,hyprpicker,hyprlang,hypridle,hyprland-qt-support,hyprland-qtutils,hyprlock,xdg-desktop-portal-hyprland,hyprcursor,hyprwayland-scanner,hyprland}-git;do try sudo pacman --noconfirm -Rdd $i;done
# Convert old dependencies to non explicit dependencies so that they can be orphaned if not in meta packages
  remove_bashcomments_emptylines ./dist-arch/previous_dependencies.conf ./cache/old_deps_stripped.conf
  readarray -t old_deps_list < ./cache/old_deps_stripped.conf
  pacman -Qeq > ./cache/pacman_explicit_packages
  readarray -t explicitly_installed < ./cache/pacman_explicit_packages

  echo "Attempting to set previously explicitly installed deps as implicit..."
  for i in "${explicitly_installed[@]}"; do for j in "${old_deps_list[@]}"; do
    [ "$i" = "$j" ] && yay -D --asdeps "$i"
  done; done

  return 0
}

#####################################################################################
if ! command -v pacman >/dev/null 2>&1; then
  printf "${STY_RED}[$0]: pacman not found, it seems that the system is not ArchLinux or Arch-based distros. Aborting...${STY_RESET}\n"
  exit 1
fi

# Issue #363
case $SKIP_SYSUPDATE in
  true) sleep 0;;
  *) v sudo pacman -Syu;;
esac

# Use yay. Because paru does not support cleanbuild.
# Also see https://wiki.hyprland.org/FAQ/#how-do-i-update
if ! command -v yay >/dev/null 2>&1;then
  echo -e "${STY_YELLOW}[$0]: \"yay\" not found.${STY_RESET}"
  showfun install-yay
  v install-yay
fi

showfun handle-deprecated-dependencies
v handle-deprecated-dependencies

# Pre-authenticate sudo once for all the package installations that follow
sudo -v

# https://github.com/end-4/dots-hyprland/issues/581
# yay -Bi is kinda hit or miss, instead cd into the relevant directory and manually source and install deps
install-local-pkgbuild() {
  local location=$1
  local installflags=$2

  x pushd $location

  source ./PKGBUILD
  x yay -S $installflags --asdeps "${depends[@]}"
  
  # Use sudo directly with pacman instead of makepkg -Asi to avoid password prompts
  x makepkg -f --noconfirm
  x sudo pacman -U --noconfirm *.pkg.tar.zst

  x popd
}

# Install core dependencies from the meta-packages
metapkgs=(./dist-arch/illogical-impulse-{audio,backlight,basic,fonts-themes,kde,portal,python,screencapture,toolkit,widgets})
metapkgs+=(./dist-arch/illogical-impulse-hyprland)
metapkgs+=(./dist-arch/illogical-impulse-microtex-git)
# metapkgs+=(./dist-arch/packages/illogical-impulse-oneui4-icons-git)
[[ -f /usr/share/icons/Bibata-Modern-Classic/index.theme ]] || \
  metapkgs+=(./dist-arch/illogical-impulse-bibata-modern-classic-bin)

for i in "${metapkgs[@]}"; do
  metainstallflags="--needed"
  $ask && showfun install-local-pkgbuild || metainstallflags="$metainstallflags --noconfirm"
  v install-local-pkgbuild "$i" "$metainstallflags"
done

## Optional dependencies
if pacman -Qs ^plasma-browser-integration$ ;then SKIP_PLASMAINTG=true;fi
case $SKIP_PLASMAINTG in
  true) sleep 0;;
  *)
    if $ask;then
      echo -e "${STY_YELLOW}[$0]: NOTE: The size of \"plasma-browser-integration\" is about 600 MiB.${STY_RESET}"
      echo -e "${STY_YELLOW}It is needed if you want playtime of media in Firefox to be shown on the music controls widget.${STY_RESET}"
      echo -e "${STY_YELLOW}Install it? [y/N]${STY_RESET}"
      read -p "====> " p
    else
      p=y
    fi
    case $p in
      y) x sudo pacman -S --needed --noconfirm plasma-browser-integration ;;
      *) echo "Ok, won't install"
    esac
    ;;
esac

Changed the install-local-pkgbuild function to:

  • Build the package without installing using makepkg -f --noconfirm
  • Then install it with sudo using sudo pacman -U --noconfirm *.pkg.tar.zst

This way, all the sudo commands will use the same cached credentials from the initial sudo pacman -Syu at the start of the script. The -f flag forces a rebuild even if the package exists.

The makepkg -Asi internally calls sudo in a way that doesn't respect the parent shell's sudo cache properly. By separating the build and install steps, we have explicit control over when sudo is called.

This should work because all the sudo pacman commands will share the same sudo timestamp, so you'll only need to enter your password once at the very beginning.

NonaSuomy avatar Oct 12 '25 16:10 NonaSuomy