#!/bin/sh
# This script edits a temporary copy of the doas.conf file and
# automatically checks it for syntax errors before installing
# the new copy of doas.conf.
# Stop on any unchecked command failure and on any use of an unset variable.
set -eu

# Replace the caller's search path with a fixed list of system directories,
# so commands named without a slash are looked up only there.
export PATH=/bin:/usr/bin:/usr/local/bin

# Files created from here on are accessible to their owner only.
umask 077

# Program name without its directory part; used as the message prefix.
PROG="${0##*/}"

# Scratch directory for the working copy and lock, and the directory that
# holds the live configuration.
WRK_DIR=/var/tmp
INSTALL_DIR=/usr/local/etc

# Permission bits given to the installed doas.conf (passed to install -m).
doas_conf_mode=0644

# Fixed-name lock file in the scratch directory and the live config path.
doas_lock_file="$WRK_DIR/doas.conf"
installed_doas="$INSTALL_DIR/doas.conf"
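# Print an error message, prefixed with the program name, on stderr and
# terminate the script with exit status 1.
# Globals:   PROG (read)
# Arguments: the message; several arguments are joined with single spaces
die()
{
    # printf '%s\n' prints the text verbatim, whereas echo's treatment of
    # backslashes differs between shells. "$*" yields one joined string
    # instead of mixing "$@" into a larger word.
    printf '%s\n' "${PROG}: $*" 1>&2
    exit 1
}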
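# Print a message, prefixed with the program name, on stderr and continue.
# Globals:   PROG (read)
# Arguments: the message; several arguments are joined with single spaces
warn()
{
    # printf '%s\n' prints the text verbatim, whereas echo's treatment of
    # backslashes differs between shells. "$*" yields one joined string
    # instead of mixing "$@" into a larger word.
    printf '%s\n' "${PROG}: $*" 1>&2
}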
# Print the terminal's interrupt character as reported by `stty -a`
# (the text between "intr = " and the next ";").
# Outputs: the interrupt key notation on stdout; nothing if no line of the
#          stty output carries an "intr = " setting.
get_intr()
{
    # One substitution does the whole job: drop everything up to and
    # including "intr = ", keep the run of non-';' characters that follows,
    # discard the rest, and print only lines where this matched.
    stty -a | sed -En 's/^(.* )?intr = ([^;]*).*$/\2/p'
}
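# Arrange for the given files to be removed when the script ends.
# Arguments: zero or more file paths; with none, no trap is installed.
# Effects:   replaces the traps for EXIT (0), HUP (1), INT (2) and TERM (15).
set_trap_rm()
{
    local file file_list quoted

    file_list=
    for file
    do
        # The list is re-parsed as shell code when the trap fires, so a
        # single quote inside a name must be escaped or it would end the
        # quoting early and the rest of the name would be parsed as code.
        quoted="$(printf '%s\n' "${file}" | sed "s/'/'\\\\''/g")"
        file_list="${file_list} '${quoted}'"
    done
    if [ -n "${file_list}" ]
    then
        # Cleanup runs from the EXIT trap only.
        trap "rm -f --${file_list}" 0
        # A signal trap that merely removes the files lets the script carry
        # on afterwards with its temporary copy and lock already gone.
        # Exiting here stops the run; the EXIT trap then does the cleanup.
        trap 'exit 1' 1 2 15
    fi
}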
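# Create a private working copy with an unpredictable name; mktemp creates
# the file itself, and set -e aborts the script if that fails.
tmp_doas="$(mktemp "${WRK_DIR}/doas.conf.XXXXXXXXXX")"
set_trap_rm "${tmp_doas}"

# Start from the installed configuration when there is one.
if [ -f "${installed_doas}" ]
then
    if [ -r "${installed_doas}" ]
    then
        cp "${installed_doas}" "${tmp_doas}"
    else
        die "Cannot read ${installed_doas}"
    fi
fi

# Take the lock by hard-linking the working copy to a fixed name; ln fails
# if that name already exists, which is treated as "someone else is editing".
# NOTE(review): the lock name is fixed and lives in ${WRK_DIR} (/var/tmp).
# Any file already present under that name, stale or created by another
# account, blocks editing until it is removed. A lock directory writable
# only by administrators would avoid that; confirm against the target
# systems. ln can also fail for other reasons, which this message would
# misreport.
if ln "${tmp_doas}" "${doas_lock_file}"
then
    # Re-arm the cleanup so the lock is released together with the copy.
    set_trap_rm "${tmp_doas}" "${doas_lock_file}"
else
    die "The doas.conf file is already locked"
fi

# The editor's exit status is deliberately ignored: the result is judged by
# the syntax check below, not by how the editor terminated.
"${EDITOR:-vi}" "${tmp_doas}" || true

# Keep re-opening the editor until doas accepts the file's syntax.
while ! doas -C "${tmp_doas}"
do
    warn "Press enter to edit doas.conf again to fix it,"
    warn "or interrupt ($(get_intr)) to cancel."
    # -r keeps backslashes literal; the value itself is unused. A failed
    # read (for example end of input) ends the script through set -e.
    read -r status
    "${EDITOR:-vi}" "${tmp_doas}" || true
done

# Never install an empty file, and skip the privileged step when the edit
# changed nothing.
if [ -s "${tmp_doas}" ]
then
    if cmp -s "${tmp_doas}" "${installed_doas}"
    then
        warn "No changes made"
        warn "${installed_doas} unchanged"
    else
        # Report a failed install explicitly. In a bare "install && warn"
        # list, set -e does not act on the failing first command, so the
        # failure would pass without any message from this script.
        if doas -- install -o root -m "${doas_conf_mode}" \
            "${tmp_doas}" "${installed_doas}"
        then
            warn "${installed_doas} updated"
        else
            die "Failed to install ${installed_doas}"
        fi
    fi
else
    warn "Not installing an empty doas.conf file"
    warn "${installed_doas} unchanged"
fi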