pengwin-setup icon indicating copy to clipboard operation
pengwin-setup copied to clipboard
verified publisher icon WhitewaterFoundry

Add Sudo Management menu to Settings with passwordless and WSL-Hello-sudo options

Open Copilot opened this issue 3 months ago • 4 comments

Plan for Adding Sudo Management

  • [x] Create main installer script: pengwin-setup.d/wsl-hello-sudo.sh
  • [x] Create passwordless sudo installer: pengwin-setup.d/passwordless-sudo.sh
  • [x] Create sudo management menu: pengwin-setup.d/sudo-management.sh
  • [x] Add entry to Settings menu in pengwin-setup.d/settings.sh
  • [x] Create uninstaller scripts for both options
  • [x] Add uninstall entries to pengwin-setup.d/uninstall.sh
  • [x] Update bash completion in completions/pengwin-setup
  • [x] Create unit test: tests/wsl-hello-sudo.sh
  • [x] Add test to tests/run_tests.sh
  • [x] Validate with shellcheck - all checks pass
  • [x] Implement mutual exclusivity between options
  • [x] FIX: Save and use official uninstall.sh, remove leftover files
  • [x] REFACTOR: Use helper functions from uninstall-common.sh

Summary

Successfully integrated a new Sudo Management menu in the Settings section of pengwin-setup, providing two exclusive authentication methods:

  1. Passwordless sudo - Configures sudoers.d for no-password sudo (similar to AWS VMs)
  2. WSL-Hello-sudo - Uses Windows Hello (fingerprint, face recognition, PIN) for sudo authentication

The two options are mutually exclusive - enabling one will prompt to remove the other if installed.

Latest Changes (Use helper functions per @crramirez feedback)

Uninstaller refactoring:

  • Replaced sudo sed -i '/pam_wsl_hello/d' with sudo_clean_file helper function
  • Replaced sudo rm -rf with sudo_rem_dir helper function for directory removal
  • More consistent with project patterns and better error handling

Changes made:

  • Line 28: Now uses sudo_clean_file "/etc/pam.d/sudo" "pam_wsl_hello" instead of direct sed command
  • Line 46: Now uses sudo_rem_dir "/etc/pam_wsl_hello" instead of conditional sudo rm -rf
  • Line 49: Now uses sudo_rem_dir "/usr/local/share/wsl-hello-sudo" instead of conditional sudo rm -rf

Files Created

  1. pengwin-setup.d/sudo-management.sh - Main menu for sudo authentication methods
  2. pengwin-setup.d/passwordless-sudo.sh - Passwordless sudo installer
  3. pengwin-setup.d/wsl-hello-sudo.sh - WSL-Hello-sudo installer
  4. pengwin-setup.d/uninstall/passwordless-sudo.sh - Passwordless sudo uninstaller
  5. pengwin-setup.d/uninstall/wsl-hello-sudo.sh - WSL-Hello-sudo uninstaller (refactored)
  6. tests/wsl-hello-sudo.sh - Unit tests

Files Modified

  • settings.sh - Added SUDO option to Settings menu
  • services.sh - Removed WSL-HELLO-SUDO (moved to Settings)
  • uninstall.sh - Added PASSWORDLESS-SUDO and kept WSL-HELLO-SUDO
  • completions/pengwin-setup - Updated for new menu structure
  • run_tests.sh - Added test reference (commented for CI)
  • wsl-hello-sudo.sh - Added logic to save official uninstall.sh
  • uninstall/wsl-hello-sudo.sh - Now uses helper functions and removes all leftover files
  • tests/wsl-hello-sudo.sh - Added checks for leftover files

Validation Results

✓ All shellcheck validations pass (no errors) ✓ All bash syntax checks pass ✓ Follows Google Shell Style Guide conventions ✓ Follows project patterns and conventions ✓ All scripts are executable ✓ Proper function documentation with Google style ✓ CodeQL security check passed ✓ Mutual exclusivity properly enforced ✓ Proper error handling throughout ✓ Complete cleanup of all leftover files ✓ Uses helper functions from uninstall-common.sh

Usage

Interactive:

pengwin-setup → SETTINGS → SUDO → Choose option
  - PASSWORDLESS: No password required for sudo
  - WSL-HELLO-SUDO: Windows Hello authentication

Non-interactive:

# Passwordless sudo
pengwin-setup install SETTINGS SUDO PASSWORDLESS

# WSL-Hello-sudo
pengwin-setup install SETTINGS SUDO WSL-HELLO-SUDO

# Uninstall either
pengwin-setup install UNINSTALL PASSWORDLESS-SUDO
pengwin-setup install UNINSTALL WSL-HELLO-SUDO

Architecture

The two sudo authentication methods are mutually exclusive:

  • Installing one automatically checks for and offers to remove the other (with user confirmation)
  • Passwordless sudo: Creates /etc/sudoers.d/passwordless-sudo
  • WSL-Hello-sudo: Installs PAM module and modifies /etc/pam.d/sudo

Uninstallation properly uses helper functions:

  • Uses sudo_clean_file to remove PAM configuration lines

  • Uses sudo_rem_dir to remove directories

  • Uses sudo_rem_file to remove files

  • Provides consistent error messages and better handling

  • No leftover files remain after uninstallation

  • Fixes WhitewaterFoundry/Pengwin#670

Original prompt

This section details on the original issue you should resolve

<issue_title>[Feature Request] Add WSL-Hello-sudo</issue_title> <issue_description>Is your feature request related to a problem? Please describe. Integrate https://github.com/nullpo-head/WSL-Hello-sudo so that it can be easily installed and enabled by pengwin-setup.

Describe the solution you'd like Have an entry to install it in pengwin-setup.

Describe alternatives you've considered No

Additional context I think it will be quite useful for people having Windows Hello. </issue_description>

<agent_instructions>put it in the services menu</agent_instructions>

Comments on the Issue (you are @copilot in this section)

@crramirez That sounds like a good addition. Let's put it in the roadmap
  • Fixes WhitewaterFoundry/Pengwin#670

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Copilot avatar Nov 19 '25 12:11 Copilot