#!/bin/sh
# Edit a temporary copy of the doas.conf file and check it for syntax
# errors before installing it as the actual doas.conf file.
# Abort on any unhandled command failure (-e) and on any use of an
# unset variable (-u).
set -eu

# Pin the command search path to fixed system directories, so the tools
# run below are not looked up through whatever PATH the caller had.
export PATH=/bin:/usr/bin:/usr/local/bin

# Script name without its directory part; used as the message prefix.
PROG="${0##*/}"

# Files this script creates through cp or redirection get no group or
# other write permission.
umask 022

# @DOAS_CONF@ is a placeholder; presumably the build replaces it with
# the configured doas.conf path (confirm against the build rules).
DOAS_CONF=@DOAS_CONF@
# The lock file sits beside doas.conf.
doas_lock_file="${DOAS_CONF}.lck"
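# Print an error message prefixed with the program name on stderr and
# terminate the script with exit status 1.
# Globals:   PROG (read)
# Arguments: the words of the message, joined with single spaces
# Outputs:   "<PROG>: <message>" on stderr
die()
{
	# printf instead of echo: echo implementations disagree on backslash
	# escapes and on leading "-" words, and the messages passed in here
	# embed file paths. "$*" joins the arguments into one word; "$@"
	# inside a longer string splits in a way that is easy to misread.
	printf '%s: %s\n' "${PROG}" "$*" 1>&2
	exit 1
}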
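# Print a message prefixed with the program name on stderr; the script
# keeps running.
# Globals:   PROG (read)
# Arguments: the words of the message, joined with single spaces
# Outputs:   "<PROG>: <message>" on stderr
warn()
{
	# printf instead of echo so that backslashes or a leading "-" in the
	# message (messages here embed file paths) are printed verbatim by
	# every sh implementation. "$*" joins the arguments into one word.
	printf '%s: %s\n' "${PROG}" "$*" 1>&2
}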
# Print the terminal's interrupt character as "stty -a" reports it, so a
# prompt can name the key that cancels.
# Outputs: the text between "intr = " and the next ";" on stdout, or
#          nothing when no line of the stty output contains "intr = ".
get_intr()
{
	# -n suppresses sed's default output. Only a line holding "intr = "
	# (at the start of the line or after a space) is printed, once the
	# text up to and including "intr = " and everything from the next
	# ";" onward have been stripped.
	stty -a | sed -En '/^(.* )?intr = /{ s/^(.* )?intr = //; s/;.*$//; p; }'
}
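# Install a trap that removes the named files when the script exits
# (condition 0) or receives signal 1, 2 or 15 (HUP, INT, TERM).
# Each call replaces the previously installed trap, so callers pass the
# complete list of files every time. With no arguments the current trap
# is left untouched.
# Arguments: zero or more file paths
set_trap_rm()
{
	local file file_list rest head quoted
	file_list=
	for file
	do
		# The trap action is a string that the shell parses again when
		# the trap fires. Each path is therefore wrapped in single
		# quotes, and a single quote inside the path is rewritten as
		# '\'' so it cannot end the quoting early and leave the rest of
		# the path to be parsed as shell code.
		rest=${file}
		quoted=
		while :
		do
			case "${rest}" in
			*\'*)
				head=${rest%%\'*}
				rest=${rest#*\'}
				quoted="${quoted}${head}'\\''"
				;;
			*)
				quoted="${quoted}${rest}"
				break
				;;
			esac
		done
		file_list="${file_list} '${quoted}'"
	done
	if [ -n "${file_list}" ]
	then
		# "--" keeps a path that starts with "-" from being read as an
		# rm option.
		# NOTE(review): for signals 1, 2 and 15 the action only removes
		# the files and does not exit, so the script appears to carry on
		# after the signal with its temporary and lock files gone.
		# Confirm whether an explicit exit is wanted for those signals.
		trap "rm -f -- ${file_list}" 0 1 2 15
	fi
}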
# Create the working copy beside doas.conf. Creating it needs write
# access to that directory, which is why a failure here most likely
# means the caller is not root.
if ! tmp_doas="$(mktemp "${DOAS_CONF}.XXXXXXXXXX")"
then
	die "You probably need to run ${PROG} as root"
fi
# Have the working copy removed when the script ends.
set_trap_rm "${tmp_doas}"
# It is important that the ln(1) command fails if the target already
# exists. Some versions are known to behave like "ln -f" by default
# (removing any existing target). Adjust PATH to avoid such ln(1)
# implementations.
#
# Probe: tmp_test_ln already exists, so a safe ln(1) must refuse to link
# onto it. If the link succeeds, the lock taken further down could
# silently replace a lock held by another editing session, so stop.
tmp_test_ln="$(mktemp "${DOAS_CONF}.XXXXXXXXXX")"
# The trap is replaced as a whole, so both temporary files are listed.
set_trap_rm "${tmp_doas}" "${tmp_test_ln}"

ln "${tmp_doas}" "${tmp_test_ln}" 2>/dev/null \
	&& die 'ln(1) is not safe for lock files, bailing'
# If a doas.conf file exists, copy it into the temporary file for
# editing. If none exist, the editor will open with an empty file.
# cp writes into the file mktemp already created rather than creating a
# new one.
if [ -f "${DOAS_CONF}" ]
then
	[ -r "${DOAS_CONF}" ] || die "Cannot read ${DOAS_CONF}"
	cp "${DOAS_CONF}" "${tmp_doas}"
fi
# Link the temporary file to the lock file.
# The hard link is the lock: with an ln(1) that refuses to replace an
# existing target (checked by the probe earlier in this script), a
# second session's ln fails while the first session's lock exists.
# NOTE(review): any other reason for ln failing is also reported as
# "already locked".
ln "${tmp_doas}" "${doas_lock_file}" \
	|| die "${DOAS_CONF} is already locked"
# From here on the lock file has to be removed on exit as well.
set_trap_rm "${tmp_doas}" "${tmp_test_ln}" "${doas_lock_file}"
# Some versions of vi(1) exit with a code that reflects the number of
# editing errors made. This is why we ignore the exit code from the
# editor.
# The program named by EDITOR comes from the caller's environment and
# runs with this script's privileges; PATH is pinned at the top of the
# script, EDITOR is not.
"${EDITOR:-vi}" "${tmp_doas}" || true

# Keep re-opening the editor until "doas -C" accepts the working copy.
# That check covers the file's syntax only, not whether the rules are
# the ones intended.
until doas -C "${tmp_doas}"
do
	warn "Press enter to edit doas.conf again to fix it,"
	warn "or interrupt ($(get_intr)) to cancel."
	# The line read is discarded; read only waits for Enter. At end of
	# input read fails and "set -e" ends the script.
	read status
	"${EDITOR:-vi}" "${tmp_doas}" || true
done
# Use mv(1) to rename the temporary file to doas.conf as it is atomic.
# This avoids any problems from another process reading doas.conf while
# it is being written.
# The working copy was created beside doas.conf, so the mv is a rename
# within one directory. The installed file is the mktemp-created file
# itself, so it carries that file's owner and mode rather than those of
# the doas.conf it replaces.
# NOTE(review): if mv fails, the script prints no message of its own;
# only mv's error output and the non-zero exit status show it.
if [ ! -s "${tmp_doas}" ]
then
	warn "Not installing an empty doas.conf file"
	warn "${DOAS_CONF} unchanged"
elif cmp -s "${tmp_doas}" "${DOAS_CONF}"
then
	warn "No changes made"
	warn "${DOAS_CONF} unchanged"
else
	mv "${tmp_doas}" "${DOAS_CONF}" \
		&& warn "${DOAS_CONF} updated"
fi