~mil/sxmo-tickets#294: 
switch to doas instead of sudo

Status
RESOLVED FIXED
Submitter
~anjan
Assigned to
No-one
Submitted
3 years ago
Updated
3 years ago
Labels
ready

~proycon 3 years ago

Let the user decide at least, we don't want to force people to use doas rather than sudo either, many are accustomed to sudo. We only call it from a few places in our scripts anyway and should keep that minimal anyway.

--

Maarten van Gompel (proycon) https://proycon.anaproy.nl

~anjan 3 years ago

~proycon that issue says that pmOS will be removing sudo and adding doas to the base install. That means that users will have to manually install sudo if they want to use it.

I think users shouldnt have to install sudo to use sxmo-utils. I think we can modify our scripts to do the following:

  1. use doas by default
  2. if sudo is installed, use sudo instead of doas.

~stacyharper 3 years ago

~anjan outgoing@sr.ht wrote:

~proycon that issue says that pmOS will be removing sudo and adding doas to the base install. That means that users will have to manually install sudo if they want to use it.

This is not what I see it that MR and not what they talked about right ?

They only are removing sudo as defaults cause it prevent users to choose between sudo and doas. So we just need to add sudo (or doas I dont care) as dependency where we need it as they are doing for postmarketos-mkinitfs.

It look like we have to choose between one or the other and that will impact users. I think sudo is more common.

~anjan 3 years ago

Sorry guys, I linked the wrong issue. I was so confused as to why everyone was saying that.

https://gitlab.com/postmarketOS/pmaports/-/issues/1121

~stacyharper 3 years ago

Ow okay. It make more sense :D

But it look like this decision is still in debate right ?

~anjan 3 years ago

ollie said he would accept a MR and it is in progress. I think it's good to keep an eye. I think we should keep an eye on all pmaports issues/merge requests going forward. There could be breaking changes that I dont want to discover when they go to cut a release candidate and suddenly sxmo doesnt work lol.

~anjan 3 years ago*

We should look to do this sooner rather than later. See: https://gitlab.alpinelinux.org/alpine/tsc/-/issues/1

If this gets changed before the next release of sxmo (1.6.0), I guess we can cherrypick the patch onto 1.5.0.

(if all this gets approved ofc)

~noneofyourbusiness 3 years ago*

https://lists.sr.ht/~mil/sxmo-devel/patches/24191 (replace sudo with "$ROOTCMD")

Note: Discussions about adding a include directory patch upstream are happening.

~noneofyourbusiness 3 years ago*

https://github.com/Duncaen/OpenDoas/pull/71 is nearing completion

Looks like a good time to revise those patches

~begs 3 years ago

OpenDoas with doas.d is already in Alpine repos.

I'm for migrating to doas (at least by default, but I see no reasons to keep sudo support in Sxmo, it's anyway not seen by user directly), because it fits our (and every real human's) needs better.

~proycon 3 years ago

I'm still a bit on the fence about doas actually (mostly because I don't have experience with it yet). I understand it's a simpler/lighter implementation which fits our philosophy much better. My worry is:

  • Does this also go well with the other distributions people might run Sxmo on? (mostly thinking of arch and mobian here). We don't have only Alpine/pmos to consider.
  • The use of sudo is widespread and well-known (https://xkcd.com/149/), doas isn't, can a simple alias be provided so the user can still type 'sudo' ?

--

Maarten van Gompel (proycon) https://proycon.anaproy.nl

~begs 3 years ago

Does this also go well with the other distributions people might run Sxmo on?

Yes, it's available on both Arch and Debian: https://repology.org/project/opendoas/versions

~anjan 3 years ago

~proycon, users will still be able to install sudo. It's just that we shouldnt use sudo in the base install since it's full of vulnerabilities and I want sxmo-* to be secure.

~proycon 3 years ago

Right, I see. Agreed, no problem then. I'll give your patch a try.

~anjan REPORTED FIXED 3 years ago

Register here or Log in to comment, or comment via email.