Initial commit

2026-01-10 22:22:36 +00:00
commit 89d049ba7a
16 changed files with 318 additions and 0 deletions

38
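--- a/build/build-deb.sh
+++ b/build/build-deb.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+set -e
+mkdir -p debian
+BUILD_DIR="$(dirname "$0")"
+DEBIAN_DIR="$BUILD_DIR/../debian"
+DIST_DIR="$BUILD_DIR/../dist"
+UNINSTALL="$BUILD_DIR/uninstall.sh"
+POST_INSTALL="$BUILD_DIR/post_install.sh"
+echo "$(cat "$UNINSTALL")" > "$DEBIAN_DIR/prerm"
+echo "#DEBHELPER#" >> "$DEBIAN_DIR/prerm"
+echo "$(cat "$POST_INSTALL")" > "$DEBIAN_DIR/postinst"
+echo "#DEBHELPER#" >> "$DEBIAN_DIR/postinst"
+if [ ! -f "$DEBIAN_DIR/control" ]; then
+echo "Error: $DEBIAN_DIR/control not found."
+exit 1
+fi
+if ! command -v docker >/dev/null 2>&1; then
+echo "Error: Docker not found. Please install Docker."
+exit 1
+fi
+if ! docker info >/dev/null 2>&1; then
+echo "Starting Docker daemon..."
+if command -v systemctl >/dev/null 2>&1; then
+sudo systemctl start docker
+elif command -v rc-service >/dev/null 2>&1; then
+sudo rc-service docker start
+else
+echo "Error: Unable to determine init system. Please start Docker manually."
+exit 1
+fi
+sleep 2
+fi
+docker run --rm -v "$(pwd)":/src -v "$DIST_DIR":/dist -w /src debian:latest bash -c "
+apt update && apt install -y debhelper devscripts &&
+dpkg-buildpackage -us -uc &&
+mv /*.deb /dist/
+"
+echo "Package built: $(ls "$DIST_DIR"/sudo-nopasswd_*.deb | head -n 1)"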
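Review bot: The package is built inside `debian:latest`, a mutable tag, with whatever `apt install` resolves at build time, and `dpkg-buildpackage -us -uc` leaves the result unsigned, so nothing ties the .deb that later edits /etc/sudoers to a known toolchain. Pinning the image by digest, e.g. `debian@sha256:<pinned-digest>` (placeholder), and signing the changes file in a release build would close that. Separately, the container mounts `$(pwd)` as /src while `prerm` and `postinst` are written under `$BUILD_DIR/../debian`, so running the script from anywhere but the project root builds a tree that lacks the freshly generated maintainer scripts; `cd "$BUILD_DIR/.."` near the top would make both agree. The `control` check would also be better placed before the two maintainer scripts are written.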

26
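--- a/build/build-gentoo.sh
+++ b/build/build-gentoo.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+# Script to build and install the sudo-nopasswd package on Gentoo
+set -e
+# Check if we're in the project directory
+if [ ! -f "gentoo/app-admin/sudo-nopasswd/sudo-nopasswd-1.0.ebuild" ]; then
+echo "Error: ebuild not found. Run this script from the project root."
+exit 1
+fi
+# Check for emerge command
+if ! command -v emerge >/dev/null 2>&1; then
+echo "Error: emerge command not found. Ensure portage is installed."
+exit 1
+fi
+# Set up local repository
+echo "Setting up local repository..."
+sudo mkdir -p /etc/portage/repos.conf
+sudo tee /etc/portage/repos.conf/local.conf > /dev/null <<EOF
+[local]
+location = /home/sean/sudo-nopasswd/gentoo
+masters = gentoo
+EOF
+# Regenerate cache
+sudo emerge --regen
+echo "Building and installing package..."
+sudo emerge =app-admin/sudo-nopasswd-1.0
+echo "Package installed successfully."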
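Review bot: `location = /home/sean/sudo-nopasswd/gentoo` registers a repository inside one user's home directory with Portage, which then processes ebuilds from it as root on every later `emerge`; anything able to write to that checkout can therefore influence what runs as root, and the path does not exist on other machines. Copying the `gentoo/` tree to a root-owned directory and pointing `location` there (for example `/var/db/repos/local`, to be confirmed against local convention) avoids both problems. The heredoc also overwrites an existing `/etc/portage/repos.conf/local.conf` without checking for one.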

19
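--- a/build/install.sh
+++ b/build/install.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+set -e
+[ "$EUID" -eq 0 ] || { sudo "$0" "$@"; exit $?; }
+CONSTANTS="sudo_no_passwd_constants.sh"
+SRC="$(dirname "$0")/../src"
+source "$SRC/$CONSTANTS"
+mkdir -p "$SHARE_DIR"
+cp "$SRC/$CONSTANTS" "$SHARE_DIR/"
+cp "$SRC/$UPDATE_COMMAND" "$BIN_DIR/"
+cp "$SRC/$WATCH_COMMAND" "$BIN_DIR/"
+chmod +x "$BIN_DIR/$UPDATE_COMMAND" "$BIN_DIR/$WATCH_COMMAND"
+if command -v systemctl >/dev/null 2>&1; then
+cp "$SRC/$SERVICE_FILE" "$SYSTEMD_DIR/"
+elif command -v rc-update >/dev/null 2>&1; then
+cp "$SRC/$INIT_FILE" "$INITD_DIR/"
+else
+echo "Unsupported init system."
+fi
+"$(dirname "$0")/post_install.sh"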
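Review bot: The `else` branch only prints `Unsupported init system.` and the script then still runs `post_install.sh` and exits 0, so an install with no watcher service looks successful; `echo "Unsupported init system." >&2; exit 1` would make the failure visible. The copies into `$BIN_DIR` are later executed as root, so `install -o root -g root -m 0755 "$SRC/$UPDATE_COMMAND" "$BIN_DIR/"` (and the same for `$WATCH_COMMAND`) states the intended owner and mode instead of inheriting them from the checkout through `cp` and `chmod +x`.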

20
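--- a/build/post_install.sh
+++ b/build/post_install.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+set -e
+[ "$EUID" -eq 0 ] || { echo "Please run as root"; exit 1; }
+SHARE_DIR="/usr/share/sudo-nopasswd"
+CONSTANTS="sudo_no_passwd_constants.sh"
+source "$SHARE_DIR/$CONSTANTS"
+[ -f "$ETC_FILE" ] || touch "$ETC_FILE"
+if command -v systemctl >/dev/null 2>&1; then
+systemctl enable "$SERVICE_FILE"
+if [ -d /run/systemd/system ]; then
+systemctl daemon-reload
+systemctl start "$SERVICE_FILE"
+fi
+elif command -v rc-update >/dev/null 2>&1; then
+chmod +x "$INITD_DIR/$INIT_FILE"
+rc-update add "$INIT_FILE" default
+rc-service "$INIT_FILE" start
+else
+echo "Unsupported init system."
+fi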
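Review bot: `[ -f "$ETC_FILE" ] || touch "$ETC_FILE"` accepts a pre-existing `/etc/sudo-nopasswd` without checking who owns it or who can write to it, yet every line in that file becomes a `NOPASSWD` grant for `%sudo`. Setting owner and mode unconditionally right after the touch, `chown root:root "$ETC_FILE" && chmod 0644 "$ETC_FILE"`, keeps the file from being writable by anyone but root. build-deb.sh also reuses this script as the Debian `postinst` followed by `#DEBHELPER#`, so the manual `systemctl enable` and `start` here may duplicate what debhelper generates; that is worth confirming.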

33
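--- a/build/test-deb.sh
+++ b/build/test-deb.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+set -e
+if ! command -v docker >/dev/null 2>&1; then
+echo "Error: Docker not found."
+exit 1
+fi
+if ! docker info >/dev/null 2>&1; then
+echo "Starting Docker..."
+if command -v systemctl >/dev/null 2>&1; then
+sudo systemctl start docker
+elif command -v rc-service >/dev/null 2>&1; then
+sudo rc-service docker start
+else
+echo "Error: Unable to start Docker."
+exit 1
+fi
+sleep 2
+fi
+DEB_FILE=$(ls ./*.deb 2>/dev/null | head -1)
+if [ -z "$DEB_FILE" ]; then
+echo "Error: No .deb file found in current directory. Run build-deb.sh first."
+exit 1
+fi
+echo "Found .deb file: $DEB_FILE"
+CONTAINER_NAME="test-debian-sudo"
+echo "Starting detached Debian container..."
+CONTAINER_ID=$(docker run -d --name "$CONTAINER_NAME" debian:latest tail -f /dev/null)
+echo "Container started with ID: $CONTAINER_ID"
+echo "Copying .deb file into container..."
+docker cp "$DEB_FILE" "$CONTAINER_NAME:/root/"
+echo "Setup complete."
+echo "To enter the container: docker exec -it $CONTAINER_NAME /bin/bash"
+echo "To stop the container: docker stop $CONTAINER_NAME && docker rm $CONTAINER_NAME"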
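Review bot: `ls ./*.deb` searches the current directory, but build-deb.sh moves the package into `$BUILD_DIR/../dist`, so following the error message's advice to run build-deb.sh first ends at the same error unless the script is started from `dist/`. Resolving the path the same way, `DIST_DIR="$(dirname "$0")/../dist"` and globbing `"$DIST_DIR"/*.deb`, keeps the two scripts in step. The fixed `--name "$CONTAINER_NAME"` also makes a second run fail under `set -e` until the old container is removed, and `debian:latest` is an unpinned tag, so test runs are not reproducible.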

25
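--- a/build/uninstall.sh
+++ b/build/uninstall.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+set -e
+SHARE_DIR="/usr/share/sudo-nopasswd"
+[ -e "$SHARE_DIR" ] || { echo "sudo-nopasswd is not installed."; exit 1; }
+source "$SHARE_DIR/sudo_no_passwd_constants.sh"
+[ "$EUID" -eq 0 ] || { sudo "$0" "$@"; exit $?; }
+if command -v systemctl >/dev/null 2>&1; then
+systemctl stop "$SERVICE_FILE" 2>/dev/null || true
+systemctl disable "$SERVICE_FILE" 2>/dev/null || true
+rm -f "$SYSTEMD_DIR/$SERVICE_FILE"
+systemctl daemon-reload
+elif command -v rc-update >/dev/null 2>&1; then
+rc-service "$INIT_FILE" stop 2>/dev/null || true
+rc-update del "$INIT_FILE" 2>/dev/null || true
+rm -f "$INITD_DIR/$INIT_FILE"
+else
+echo "Unsupported init system."
+fi
+rm -f "$BIN_DIR/$UPDATE_COMMAND"
+rm -f "$BIN_DIR/$WATCH_COMMAND"
+rm -rf "$SHARE_DIR"
+if [ -f "$ETC_FILE" ] && [ ! -s "$ETC_FILE" ]; then
+rm -f "$ETC_FILE"
+fi
+echo "Uninstallation complete."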
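Review bot: Uninstalling removes the service, the two commands and the share directory but never touches `/etc/sudoers`, so the `%sudo ALL=(ALL:ALL) NOPASSWD: …` line written by update-sudo-nopasswd stays in force with nothing left to manage it. Before deleting `$SHARE_DIR`, the script should drop that line (the pattern `/^%sudo.*NOPASSWD/d` that update-sudo-nopasswd already uses) from a copy of the file, check the copy with `visudo -cf`, and only then move it into place, or at least warn that passwordless grants remain. build-deb.sh installs this file as `prerm`, where the `exit 1` for a missing `$SHARE_DIR` and the `sudo "$0"` re-exec look out of place; that path is worth checking separately.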

19
debian/copyright vendored Normal file

@@ -0,0 +1,19 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: sudo-nopasswd
Source: <url://sudo-nopasswd.seanhealy.ie>
Files: *
Copyright: 2026 Seán Healy <sean.healy@proxymighty.com>
License: GPL-3+
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.

5
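--- a/debian/install
+++ b/debian/install
@@ -0,0 +1,5 @@
+src/sudo_no_passwd_constants.sh usr/share/sudo-nopasswd/
+src/update-sudo-nopasswd usr/bin/
+src/watch-sudo-nopasswd usr/bin/
+src/watch-sudo-nopasswd.service lib/systemd/system/
+src/watch-sudo-nopasswd.init etc/init.d/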
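Review bot: The last two entries name `src/watch-sudo-nopasswd.service` and `src/watch-sudo-nopasswd.init`, but this commit adds the unit and init script as `src/sudo-nopasswd.service` and `src/sudo-nopasswd.init`, so `dh_install` would presumably fail on the missing sources. The constants file also sets `SERVICE_FILE="sudo-nopasswd.service"` and `SYSTEMD_DIR="/etc/systemd/system"`, which post_install.sh and uninstall.sh rely on, while this manifest installs to `lib/systemd/system/`. One naming scheme and one unit directory across the manifest, the constants and the ebuild would keep enable, start and removal pointing at the file that was actually installed.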


@@ -0,0 +1 @@
EBUILD sudo-nopasswd-1.0.ebuild 789 BLAKE2B 87e99e2b601960139f7e0e3f518c9903218af968b1f94480565bde51506091feba94e89f2aa77f7f7183089b2dc723e3a687506294cbbd5717879e8b82f1371f SHA512 3cbf2bccf1a6eb3c195cbf2412ae7e1e7f8a727a1681a3a405191ac75234ab900ef37f5d8e1066e4514ca54807e2d15e1c08b7792cca69da5b4fafe0c697b662


@@ -0,0 +1,34 @@
EAPI=8
DESCRIPTION="A tool for managing sudo commands without password prompts"
HOMEPAGE=""
SRC_URI=""
LICENSE="GPL-3"
SLOT="0"
KEYWORDS="~amd64 ~x86"
RDEPEND="app-admin/sudo
sys-process/inotify-tools"
DEPEND="${RDEPEND}"
src_install() {
dobin src/update-sudo-nopasswd
dobin src/watch-sudo-nopasswd
insinto /usr/share/sudo-nopasswd
doins src/sudo_no_passwd_constants.sh
newinitd "${FILESDIR}"/watch-sudo-nopasswd.init watch-sudo-nopasswd
systemd_dounit src/watch-sudo-nopasswd.service
}
pkg_postinst() {
if [ ! -f "${ROOT}/etc/sudo-nopasswd" ]; then
touch "${ROOT}/etc/sudo-nopasswd"
elog "Created empty ${ROOT}/etc/sudo-nopasswd"
fi
elog "To enable the service:"
elog " systemctl enable watch-sudo-nopasswd (systemd)"
elog " rc-update add watch-sudo-nopasswd default (OpenRC)"
}
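Review bot: `src_install` calls `systemd_dounit`, which comes from the systemd eclass, but no `inherit systemd` line is visible in this hunk; some lines of the file appear to be missing from the page, so this needs checking against the real file. The function also installs `"${FILESDIR}"/watch-sudo-nopasswd.init` and `src/watch-sudo-nopasswd.service`, whereas the commit adds `src/sudo-nopasswd.init` and `src/sudo-nopasswd.service`, and with `SRC_URI=""` it is unclear where the `src/` tree would come from at build time. `pkg_postinst` creates `/etc/sudo-nopasswd` with a bare `touch`; setting root ownership and mode 0644 explicitly would be safer for a file that drives sudoers.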


@@ -0,0 +1 @@
masters = gentoo

11
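--- a/src/sudo-nopasswd.init
+++ b/src/sudo-nopasswd.init
@@ -0,0 +1,11 @@
+#!/sbin/openrc-run
+description="Watch for changes to sudo-nopasswd and update sudoers"
+command="/usr/bin/watch-sudo-nopasswd"
+command_background=yes
+pidfile="/run/watch-sudo-nopasswd.pid"
+start_stop_daemon_args="--quiet"
+stop() {
+ebegin "Stopping watch-sudo-nopasswd"
+start-stop-daemon --stop --pidfile /run/watch-sudo-nopasswd.pid
+eend $?
+}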

12
src/sudo-nopasswd.service Normal file

@@ -0,0 +1,12 @@
[Unit]
Description=Watch for changes to /etc/sudo-nopasswd and update sudoers NOPASSWD
After=network.target
[Service]
ExecStart=/usr/bin/watch-sudo-nopasswd
Restart=always
User=root
Type=simple
[Install]
WantedBy=multi-user.target
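Review bot: The unit runs a root watcher whose update step writes to fixed paths under `/tmp` (`BEFORE_COMMANDS` and `AFTER_COMMANDS` in the constants file), and `[Service]` carries no sandboxing at all. Adding `PrivateTmp=yes` gives the service its own /tmp, so those paths cannot be pre-created by another local user when the update is triggered by the watcher; manual runs of update-sudo-nopasswd are not covered and still need `mktemp`. `After=network.target` looks unnecessary for a file watcher.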


@@ -0,0 +1,19 @@
#!/bin/bash
ETC_FILE="/etc/sudo-nopasswd"
SUDOERS_FILE="/etc/sudoers"
SUDOERS_BAK="/etc/sudoers.bak"
BEFORE_COMMANDS="/tmp/sudo-nopasswd-before"
AFTER_COMMANDS="/tmp/sudo-nopasswd-after"
SCRIPT_NAME="update-sudo-nopasswd"
# Installation paths
BIN_DIR="/usr/bin"
SERVICE_FILE="sudo-nopasswd.service"
INIT_FILE="sudo-nopasswd.init"
SYSTEMD_DIR="/etc/systemd/system"
INITD_DIR="/etc/init.d"
UPDATE_COMMAND="update-sudo-nopasswd"
WATCH_COMMAND="watch-sudo-nopasswd"
SHARE_DIR="/usr/share/sudo-nopasswd"
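Review bot: `BEFORE_COMMANDS="/tmp/sudo-nopasswd-before"` and `AFTER_COMMANDS="/tmp/sudo-nopasswd-after"` are fixed names in a world-writable directory that update-sudo-nopasswd, running as root, redirects into and later deletes. Another local user can create those names first, so the root process may write through a link or clobber a file it did not create, depending on the kernel's protected-symlink settings. These should not be constants at all: create them per run in the update script with `mktemp` and remove them in an `EXIT` trap, or place them under a root-only directory such as `/run`.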

44
src/update-sudo-nopasswd Executable file

@@ -0,0 +1,44 @@
#!/bin/bash
set -e
SHARE_DIR="/usr/share/sudo-nopasswd"
CONSTANTS="sudo_no_passwd_constants.sh"
source "$SHARE_DIR/$CONSTANTS"
[ "$EUID" -eq 0 ] || { sudo "$0" "$@"; exit $?; }
cp "$SUDOERS_FILE" "$SUDOERS_BAK"
if grep -q "^%sudo.*NOPASSWD" "$SUDOERS_FILE"; then
grep "%sudo.*NOPASSWD" "$SUDOERS_FILE" |
sed -E 's/.*NOPASSWD: //;s/([^\\]),/\1\n/g;s/\\\\//g' > "$BEFORE_COMMANDS"
else
touch "$BEFORE_COMMANDS"
fi
output="$(
cat "$ETC_FILE" |
awk -F' ' '{"command -v "$1 | getline program; $1=program; print}' |
sed -E 's/([:,#])/\\\\\1/g' |
paste -sd,
)"
sep=$(printf '\001')
if [ "$output" ]; then
if grep -q "^%sudo.*NOPASSWD" "$SUDOERS_FILE"; then
sed -i "s${sep}^%sudo.*NOPASSWD: .*${sep}%sudo ALL=(ALL:ALL) NOPASSWD: $output${sep}" "$SUDOERS_FILE"
else
sed -i "/^%sudo/a %sudo ALL=(ALL:ALL) NOPASSWD: $output" "$SUDOERS_FILE"
fi
else
sed -i "/^%sudo.*NOPASSWD/d" "$SUDOERS_FILE"
fi
if ! visudo -c "$SUDOERS_FILE" >/dev/null 2>&1; then
cat "$SUDOERS_BAK" | grep "%sudo.*NOPASSWD"
cp "$SUDOERS_BAK" "$SUDOERS_FILE"
echo "Syntax error detected in $SUDOERS_FILE. Reverted to backup."
exit 1
else
rm "$SUDOERS_BAK"
fi
cat "$ETC_FILE" |
awk -F' ' '{"command -v "$1 | getline program; $1=program; print}' > "$AFTER_COMMANDS"
diff -u "$BEFORE_COMMANDS" "$AFTER_COMMANDS" --color=always |
grep $'^\x1b\\[[0-9;]*m[+-]' |
grep -Ev $'^\x1b\\[[0-9;]*m([+][+][+]|[-][-][-])'
rm "$BEFORE_COMMANDS" "$AFTER_COMMANDS"
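Review bot: The three `sed -i` commands modify the live `/etc/sudoers` and `visudo -c` runs only afterwards, so between the edit and a possible revert sudo reads an unvalidated file, and an interrupted run leaves it that way. Editing a copy, checking it with `visudo -cf`, and renaming it over the original only on success removes that window; the fence sketches the changed lines. Two more things in the same script: the awk call `"command -v "$1 | getline program` hands the first field of each line in `$ETC_FILE` to a shell as root and never resets `program`, so a name that does not resolve silently inherits the previous line's path, and `$output` is pasted into a sed replacement where `&` and `\` are special. Resolving each name in a bash `while read` loop with a quoted `command -v -- "$name"` and skipping unresolved entries would fix the first of these.

```shell
# … unchanged: constants, root re-exec, BEFORE_COMMANDS capture, building $output …
staged="$(mktemp "${SUDOERS_FILE}.XXXXXX")"
trap 'rm -f -- "$staged"' EXIT
# -p keeps the owner and mode of the real sudoers file on the staged copy
cp -p -- "$SUDOERS_FILE" "$staged"
# … unchanged: the three sed -i edits, pointed at "$staged" instead of "$SUDOERS_FILE" …
if ! visudo -cf "$staged" >/dev/null 2>&1; then
  echo "Syntax error in generated sudoers; $SUDOERS_FILE left untouched." >&2
  exit 1
fi
# rename within /etc, so readers see either the old or the new file
mv -f -- "$staged" "$SUDOERS_FILE"
# … unchanged: AFTER_COMMANDS and the diff output …
```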

11
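--- a/src/watch-sudo-nopasswd
+++ b/src/watch-sudo-nopasswd
@@ -0,0 +1,11 @@
+#!/bin/bash
+set -e
+[ "$EUID" -eq 0 ] || { sudo "$0" "$@"; exit $?; }
+SHARE_DIR="/usr/share/sudo-nopasswd"
+CONSTANTS="sudo_no_passwd_constants.sh"
+source "$SHARE_DIR/$CONSTANTS"
+while [ 1 ]; do
+while ! inotifywait -e close_write "$ETC_FILE"; do
+"$UPDATE_COMMAND"
+done
+done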
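Review bot: The inner loop condition looks inverted: `inotifywait` exits 0 when the watched event fires, so `while ! inotifywait -e close_write "$ETC_FILE"` runs `"$UPDATE_COMMAND"` only when the wait fails (for instance when the file is missing) and skips it on a normal write. `while inotifywait -e close_write "$ETC_FILE"; do "$BIN_DIR/$UPDATE_COMMAND" || true; done` would run the update on each write, call it by absolute path rather than through root's `PATH`, and keep a failed update from ending the watcher under `set -e`. Editors that save by renaming a new file into place replace the inode, so watching the file alone may miss those saves; confirm whether the parent directory needs watching instead.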