Tomb icon indicating copy to clipboard operation
Tomb copied to clipboard
verified publisher icon dyne

Tomb fails if sudo is not installed

Open JonasVautherin opened this issue 2 years ago • 5 comments

Tomb is supposed to support alternatives to sudo (e.g. doas), but the script fails if sudo is not installed. I have seen it fail in two places:

  1. in _ensure_dependencies():
for req in cryptsetup pinentry sudo gpg mkfs.ext4 e2fsck; do

Maybe sudo should not be in that list? Also I am not completely sure if that list should exist: I tried to run it from an alpine container, and other dependencies were missing (including losetup, e2fsprogs). To me it feels like the system package manager should take care of the dependencies. Or at least maybe _ensure_dependencies() could check the value of --sudo?

  1. Still in _ensure_dependencies, this fails for me if I don't have sudo installed (even if I specify --sudo doas):
	[[ "$SUDO" == "sudo" ]] && {
	    command -v sudo 1>/dev/null 2>/dev/null ||
		_failure "No privilege escalation tool found, not even sudo"
	}

Same as above, maybe it could be solved by checking --sudo?

Other than that, it works for me with --sudo doas :+1:. I would be happy to make a patch, test it and open a PR, but I'd like to have your opinion first. Can it just use option_is_set --sudo in _ensure_dependencies()?

JonasVautherin avatar Dec 08 '23 20:12 JonasVautherin

Hi! Do you encounter the problem that I have in #470 while using --sudo doas?

amalgame21 avatar Dec 15 '23 11:12 amalgame21

Do you encounter the problem that I have in #470 while using --sudo doas?

I do, yes, but I thought it would be the next problem to solve :see_no_evil:. I am using OpenDoas on Alpine.

Do you have the problem I have above?

JonasVautherin avatar Dec 15 '23 12:12 JonasVautherin

Yes, I have the same problem as you mentioned above, but I installed doas-sudo-shim to get around it, which is just a shim for the sudo command that utilizes doas. Seems you are also using OpenDoas from Duncaen, same as mine.

amalgame21 avatar Dec 15 '23 13:12 amalgame21

but I installed doas-sudo-shim to get around it

Right, sounds like a valid workaround. In my case I really would like to fix the tomb script, because ideally I would like to make and maintain a package for Alpine.

JonasVautherin avatar Dec 15 '23 15:12 JonasVautherin

Hi @JonasVautherin ! thanks for this and the other report. You are welcome to file a PR with the fix you propose here, also remove sudo from the list of requirements.

The req check is there to issue an error before processing in case vital system components are missing, else tomb would proceed processing and perhaps hang in the mid of it (mapper without mount etc.) with third party error messages. We cannot rely on packaging for requirements, many of us use tomb as a simple drop-in script.

jaromil avatar Jan 29 '24 06:01 jaromil