blob: 0219b91128089652436e4ecb45139eb222bb6dc3 [file] [log] [blame]
#!/bin/bash
# Copyright 2020 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
set -e
if [[ "${UID:-$(id -u)}" != 0 ]]; then
# Note that since we're screwing w/ sudo variables, this script
# explicitly bounces up to root for everything it does- that way
# if anyone introduces a temp depriving in the sudo setup, it can't break
# mid upgrade.
# shellcheck source=../common.sh
. "$(dirname "$(dirname "$0")")/common.sh" || exit 1
load_environment_whitelist
echo "Rewriting with env list ${ENVIRONMENT_WHITELIST[*]}"
exec sudo bash "$0" / "${USER}" "${ENVIRONMENT_WHITELIST[@]}"
exit 1
fi
# Reaching here means we're root.
if [[ $# -lt 2 ]]; then
echo "Invoked with wrong number of args; expected root USER [variables]*" >&2
exit 1
fi
root=$1
username=$2
shift 2
set -- "$@" CROS_WORKON_SRCROOT PORTAGE_USERNAME
cat > "${root}/etc/sudoers.d/90_cros" <<EOF
Defaults env_keep += "$*"
# We need adm currently to let sudo work inside ebuilds.
%adm ALL=(ALL) ALL
root ALL=(ALL) ALL
${username} ALL=NOPASSWD: ALL
# Simplify the -v option checks due to overlap of the adm group and the user's
# supplementary groups. We don't set any passwords, so disable asking.
# https://crbug.com/762445
Defaults verifypw = any
EOF
chmod 0440 "${root}/etc/sudoers.d/90_cros"
chown root:root "${root}/etc/sudoers.d/90_cros"