fix(setup): Debian passwordless sudo and optional Docker install
Run visudo validation and sudoers.d checks with sudo so Debian no longer fails with a false validation error. Prompt before installing Docker and move AOSC Docker packages into the same optional install path. Co-authored-by: Cursor <cursoragent@cursor.com>
+57
-32
@@ -266,8 +266,8 @@ install_packages() {
|
||||
case "$DISTRO" in
|
||||
aosc)
|
||||
info "Installing packages via oma ..."
|
||||
psudo oma install -y git fish eza fastfetch btop docker docker-compose docker-buildx
|
||||
success "All packages installed via oma"
|
||||
psudo oma install -y git fish eza fastfetch btop
|
||||
success "Base packages installed via oma"
|
||||
;;
|
||||
debian|ubuntu)
|
||||
install_git
|
||||
@@ -327,43 +327,57 @@ setup_fish() {
|
||||
install_docker() {
|
||||
step "Docker Installation"
|
||||
|
||||
if command -v docker &>/dev/null; then
|
||||
info "Docker already installed ($(docker --version)), configuring non-root access"
|
||||
docker_no_root
|
||||
return
|
||||
fi
|
||||
|
||||
prompt_read ans "Install Docker Engine? [y/N] "
|
||||
case "$ans" in
|
||||
[Yy]*) ;;
|
||||
*)
|
||||
info "Skipping Docker installation"
|
||||
return
|
||||
;;
|
||||
esac
|
||||
|
||||
case "$DISTRO" in
|
||||
aosc)
|
||||
info "Docker already installed via oma, skipping"
|
||||
info "Installing Docker via oma ..."
|
||||
if psudo oma install -y docker docker-compose docker-buildx; then
|
||||
success "Docker installed"
|
||||
else
|
||||
warn "Docker installation failed — please install manually later."
|
||||
return
|
||||
fi
|
||||
;;
|
||||
debian|ubuntu)
|
||||
if command -v docker &>/dev/null; then
|
||||
info "Docker already installed ($(docker --version)), skipping"
|
||||
curl -fsSL https://git.mitsea.com/FlintyLemming/scripts-public/raw/branch/main/linux-managements/install-docker.sh \
|
||||
-o /tmp/install-docker.sh
|
||||
if psudo sh /tmp/install-docker.sh; then
|
||||
success "Docker installed"
|
||||
else
|
||||
curl -fsSL https://git.mitsea.com/FlintyLemming/scripts-public/raw/branch/main/linux-managements/install-docker.sh \
|
||||
-o /tmp/install-docker.sh
|
||||
if psudo sh /tmp/install-docker.sh; then
|
||||
success "Docker installed"
|
||||
else
|
||||
warn "Docker installation failed (packages may not be available for this release)."
|
||||
warn "Skipping Docker — please install manually later."
|
||||
fi
|
||||
warn "Docker installation failed (packages may not be available for this release)."
|
||||
warn "Skipping Docker — please install manually later."
|
||||
return
|
||||
fi
|
||||
;;
|
||||
fedora)
|
||||
if command -v docker &>/dev/null; then
|
||||
info "Docker already installed ($(docker --version)), skipping"
|
||||
info "Setting up Docker CE repository ..."
|
||||
psudo curl -fsSL https://download.docker.com/linux/fedora/docker-ce.repo \
|
||||
-o /etc/yum.repos.d/docker-ce.repo
|
||||
if psudo dnf install -y docker-ce docker-ce-cli containerd.io \
|
||||
docker-compose-plugin docker-buildx-plugin; then
|
||||
success "Docker installed"
|
||||
else
|
||||
info "Setting up Docker CE repository ..."
|
||||
psudo curl -fsSL https://download.docker.com/linux/fedora/docker-ce.repo \
|
||||
-o /etc/yum.repos.d/docker-ce.repo
|
||||
if psudo dnf install -y docker-ce docker-ce-cli containerd.io \
|
||||
docker-compose-plugin docker-buildx-plugin; then
|
||||
success "Docker installed"
|
||||
else
|
||||
warn "Docker installation failed (packages may not be available for this release)."
|
||||
warn "Skipping Docker — please install manually later."
|
||||
fi
|
||||
warn "Docker installation failed (packages may not be available for this release)."
|
||||
warn "Skipping Docker — please install manually later."
|
||||
return
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
# Only configure docker group/service if docker was actually installed
|
||||
if command -v docker &>/dev/null; then
|
||||
docker_no_root
|
||||
fi
|
||||
@@ -540,6 +554,12 @@ ensure_sudo() {
|
||||
fi
|
||||
}
|
||||
|
||||
# Debian ignores sudoers.d fragments whose names contain '.' or '~'.
|
||||
sudoers_d_filename_ok() {
|
||||
local name="$1"
|
||||
[[ "$name" =~ ^[a-zA-Z0-9_-]+$ ]]
|
||||
}
|
||||
|
||||
# ─── Passwordless Sudo ────────────────────────────────────────────────────────
|
||||
setup_passwordless_sudo() {
|
||||
step "Passwordless Sudo"
|
||||
@@ -547,8 +567,14 @@ setup_passwordless_sudo() {
|
||||
local sudoers_file="/etc/sudoers.d/${USER}"
|
||||
local expected_line="${USER} ALL=(ALL) NOPASSWD: ALL"
|
||||
|
||||
# Already configured?
|
||||
if [ -f "$sudoers_file" ] && grep -qF "$expected_line" "$sudoers_file" 2>/dev/null; then
|
||||
if ! sudoers_d_filename_ok "$USER"; then
|
||||
warn "Username '$USER' is not valid for /etc/sudoers.d/ on Debian (use only letters, digits, '_' and '-')"
|
||||
warn "Skipping passwordless sudo — configure manually if needed"
|
||||
return
|
||||
fi
|
||||
|
||||
# Already configured? (sudoers.d is root-only readable on Debian)
|
||||
if psudo test -f "$sudoers_file" && psudo grep -qF "$expected_line" "$sudoers_file" 2>/dev/null; then
|
||||
info "Passwordless sudo already configured for '$USER'"
|
||||
return
|
||||
fi
|
||||
@@ -556,15 +582,14 @@ setup_passwordless_sudo() {
|
||||
prompt_read ans "Enable passwordless sudo for '${USER}'? [y/N] "
|
||||
case "$ans" in
|
||||
[Yy]*)
|
||||
# Write to a temp file first, then validate with visudo -cf
|
||||
local tmp_file
|
||||
tmp_file="$(mktemp)"
|
||||
echo "$expected_line" > "$tmp_file"
|
||||
chmod 0440 "$tmp_file"
|
||||
|
||||
if visudo -cf "$tmp_file" >/dev/null 2>&1; then
|
||||
psudo cp "$tmp_file" "$sudoers_file"
|
||||
psudo chmod 0440 "$sudoers_file"
|
||||
# visudo requires root on Debian/Ubuntu; validating as the current user fails with "Permission denied"
|
||||
if psudo visudo -cf "$tmp_file" >/dev/null 2>&1; then
|
||||
psudo install -o root -g root -m 0440 "$tmp_file" "$sudoers_file"
|
||||
rm -f "$tmp_file"
|
||||
success "Passwordless sudo enabled for '$USER'"
|
||||
else
|
||||
|
||||
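Review bot: In the `debian|ubuntu)` arm of install_docker, the installer is downloaded to the fixed path `/tmp/install-docker.sh` and then run with `psudo sh` without checking curl's exit status. If the download fails, whatever file already sits at that world-writable path is executed as root, and a fixed name in /tmp can be pre-created or swapped by another local user between download and execution. The URL also tracks `branch/main` with no digest check, so the content run as root can change without review; pinning to a commit and verifying a checksum would close that gap. I would download to a `mktemp` file, run it only when curl succeeded, and remove it afterwards, as sketched below. The closing lines of install_docker fall outside the hunk.

```shell
    debian|ubuntu)
      local installer rc=0
      installer="$(mktemp)" || return
      # Run the script only when the download succeeded, so a stale or
      # pre-existing file is never executed as root.
      curl -fsSL https://git.mitsea.com/FlintyLemming/scripts-public/raw/branch/main/linux-managements/install-docker.sh \
        -o "$installer" && psudo sh "$installer" || rc=$?
      rm -f -- "$installer"
      if (( rc == 0 )); then
        success "Docker installed"
      else
        # … unchanged: the two warn lines and return …
      fi
```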