fix(setup): Debian passwordless sudo and optional Docker install
Run visudo validation and sudoers.d checks with sudo so Debian no longer fails with a false validation error. Prompt before installing Docker and move AOSC Docker packages into the same optional install path. Co-authored-by: Cursor <cursoragent@cursor.com>
+57
-32
@@ -266,8 +266,8 @@ install_packages() {
|
|||||||
case "$DISTRO" in
|
case "$DISTRO" in
|
||||||
aosc)
|
aosc)
|
||||||
info "Installing packages via oma ..."
|
info "Installing packages via oma ..."
|
||||||
psudo oma install -y git fish eza fastfetch btop docker docker-compose docker-buildx
|
psudo oma install -y git fish eza fastfetch btop
|
||||||
success "All packages installed via oma"
|
success "Base packages installed via oma"
|
||||||
;;
|
;;
|
||||||
debian|ubuntu)
|
debian|ubuntu)
|
||||||
install_git
|
install_git
|
||||||
@@ -327,43 +327,57 @@ setup_fish() {
|
|||||||
install_docker() {
|
install_docker() {
|
||||||
step "Docker Installation"
|
step "Docker Installation"
|
||||||
|
|
||||||
|
if command -v docker &>/dev/null; then
|
||||||
|
info "Docker already installed ($(docker --version)), configuring non-root access"
|
||||||
|
docker_no_root
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
prompt_read ans "Install Docker Engine? [y/N] "
|
||||||
|
case "$ans" in
|
||||||
|
[Yy]*) ;;
|
||||||
|
*)
|
||||||
|
info "Skipping Docker installation"
|
||||||
|
return
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
case "$DISTRO" in
|
case "$DISTRO" in
|
||||||
aosc)
|
aosc)
|
||||||
info "Docker already installed via oma, skipping"
|
info "Installing Docker via oma ..."
|
||||||
|
if psudo oma install -y docker docker-compose docker-buildx; then
|
||||||
|
success "Docker installed"
|
||||||
|
else
|
||||||
|
warn "Docker installation failed — please install manually later."
|
||||||
|
return
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
debian|ubuntu)
|
debian|ubuntu)
|
||||||
if command -v docker &>/dev/null; then
|
curl -fsSL https://git.mitsea.com/FlintyLemming/scripts-public/raw/branch/main/linux-managements/install-docker.sh \
|
||||||
info "Docker already installed ($(docker --version)), skipping"
|
-o /tmp/install-docker.sh
|
||||||
|
if psudo sh /tmp/install-docker.sh; then
|
||||||
|
success "Docker installed"
|
||||||
else
|
else
|
||||||
curl -fsSL https://git.mitsea.com/FlintyLemming/scripts-public/raw/branch/main/linux-managements/install-docker.sh \
|
warn "Docker installation failed (packages may not be available for this release)."
|
||||||
-o /tmp/install-docker.sh
|
warn "Skipping Docker — please install manually later."
|
||||||
if psudo sh /tmp/install-docker.sh; then
|
return
|
||||||
success "Docker installed"
|
|
||||||
else
|
|
||||||
warn "Docker installation failed (packages may not be available for this release)."
|
|
||||||
warn "Skipping Docker — please install manually later."
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
fedora)
|
fedora)
|
||||||
if command -v docker &>/dev/null; then
|
info "Setting up Docker CE repository ..."
|
||||||
info "Docker already installed ($(docker --version)), skipping"
|
psudo curl -fsSL https://download.docker.com/linux/fedora/docker-ce.repo \
|
||||||
|
-o /etc/yum.repos.d/docker-ce.repo
|
||||||
|
if psudo dnf install -y docker-ce docker-ce-cli containerd.io \
|
||||||
|
docker-compose-plugin docker-buildx-plugin; then
|
||||||
|
success "Docker installed"
|
||||||
else
|
else
|
||||||
info "Setting up Docker CE repository ..."
|
warn "Docker installation failed (packages may not be available for this release)."
|
||||||
psudo curl -fsSL https://download.docker.com/linux/fedora/docker-ce.repo \
|
warn "Skipping Docker — please install manually later."
|
||||||
-o /etc/yum.repos.d/docker-ce.repo
|
return
|
||||||
if psudo dnf install -y docker-ce docker-ce-cli containerd.io \
|
|
||||||
docker-compose-plugin docker-buildx-plugin; then
|
|
||||||
success "Docker installed"
|
|
||||||
else
|
|
||||||
warn "Docker installation failed (packages may not be available for this release)."
|
|
||||||
warn "Skipping Docker — please install manually later."
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
# Only configure docker group/service if docker was actually installed
|
|
||||||
if command -v docker &>/dev/null; then
|
if command -v docker &>/dev/null; then
|
||||||
docker_no_root
|
docker_no_root
|
||||||
fi
|
fi
|
||||||
@@ -540,6 +554,12 @@ ensure_sudo() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Debian ignores sudoers.d fragments whose names contain '.' or '~'.
|
||||||
|
sudoers_d_filename_ok() {
|
||||||
|
local name="$1"
|
||||||
|
[[ "$name" =~ ^[a-zA-Z0-9_-]+$ ]]
|
||||||
|
}
|
||||||
|
|
||||||
# ─── Passwordless Sudo ────────────────────────────────────────────────────────
|
# ─── Passwordless Sudo ────────────────────────────────────────────────────────
|
||||||
setup_passwordless_sudo() {
|
setup_passwordless_sudo() {
|
||||||
step "Passwordless Sudo"
|
step "Passwordless Sudo"
|
||||||
@@ -547,8 +567,14 @@ setup_passwordless_sudo() {
|
|||||||
local sudoers_file="/etc/sudoers.d/${USER}"
|
local sudoers_file="/etc/sudoers.d/${USER}"
|
||||||
local expected_line="${USER} ALL=(ALL) NOPASSWD: ALL"
|
local expected_line="${USER} ALL=(ALL) NOPASSWD: ALL"
|
||||||
|
|
||||||
# Already configured?
|
if ! sudoers_d_filename_ok "$USER"; then
|
||||||
if [ -f "$sudoers_file" ] && grep -qF "$expected_line" "$sudoers_file" 2>/dev/null; then
|
warn "Username '$USER' is not valid for /etc/sudoers.d/ on Debian (use only letters, digits, '_' and '-')"
|
||||||
|
warn "Skipping passwordless sudo — configure manually if needed"
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Already configured? (sudoers.d is root-only readable on Debian)
|
||||||
|
if psudo test -f "$sudoers_file" && psudo grep -qF "$expected_line" "$sudoers_file" 2>/dev/null; then
|
||||||
info "Passwordless sudo already configured for '$USER'"
|
info "Passwordless sudo already configured for '$USER'"
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
@@ -556,15 +582,14 @@ setup_passwordless_sudo() {
|
|||||||
prompt_read ans "Enable passwordless sudo for '${USER}'? [y/N] "
|
prompt_read ans "Enable passwordless sudo for '${USER}'? [y/N] "
|
||||||
case "$ans" in
|
case "$ans" in
|
||||||
[Yy]*)
|
[Yy]*)
|
||||||
# Write to a temp file first, then validate with visudo -cf
|
|
||||||
local tmp_file
|
local tmp_file
|
||||||
tmp_file="$(mktemp)"
|
tmp_file="$(mktemp)"
|
||||||
echo "$expected_line" > "$tmp_file"
|
echo "$expected_line" > "$tmp_file"
|
||||||
chmod 0440 "$tmp_file"
|
chmod 0440 "$tmp_file"
|
||||||
|
|
||||||
if visudo -cf "$tmp_file" >/dev/null 2>&1; then
|
# visudo requires root on Debian/Ubuntu; validating as the current user fails with "Permission denied"
|
||||||
psudo cp "$tmp_file" "$sudoers_file"
|
if psudo visudo -cf "$tmp_file" >/dev/null 2>&1; then
|
||||||
psudo chmod 0440 "$sudoers_file"
|
psudo install -o root -g root -m 0440 "$tmp_file" "$sudoers_file"
|
||||||
rm -f "$tmp_file"
|
rm -f "$tmp_file"
|
||||||
success "Passwordless sudo enabled for '$USER'"
|
success "Passwordless sudo enabled for '$USER'"
|
||||||
else
|
else
|
||||||
|
|||||||
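Review bot: In the `debian|ubuntu)` arm of `install_docker`, the installer is still saved to the fixed path `/tmp/install-docker.sh` and `psudo sh` runs it as root without checking that curl succeeded (unless the script runs under `set -e`, which is not visible here). After a failed download, whatever already sits at that path, stale or created by another local account, would be executed with root privileges. Downloading into a `mktemp` file, returning when curl fails and deleting the file afterwards closes that gap, as sketched below. The URL follows `branch/main` with no integrity check, so pinning it to a commit and comparing a known checksum before running it would also help. The `fedora)` arm likewise ignores the status of `psudo curl … -o /etc/yum.repos.d/docker-ce.repo`.

```shell
    debian|ubuntu)
      local installer
      installer="$(mktemp)" || {
        warn "Could not create a temporary file for the Docker installer"
        return
      }
      if ! curl -fsSL https://git.mitsea.com/FlintyLemming/scripts-public/raw/branch/main/linux-managements/install-docker.sh \
        -o "$installer"; then
        rm -f -- "$installer"
        warn "Could not download the Docker install script — please install manually later."
        return
      fi
      if psudo sh "$installer"; then
        rm -f -- "$installer"
        success "Docker installed"
      else
        rm -f -- "$installer"
        # … unchanged: the two warn lines …
        return
      fi
      ;;
```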