FS#66004 - [pacman-contrib]`pacdiff` should check execution privileges and escalate when needed like `paccache`

Attached to Project: Community Packages
Opened by Luca (lucatrv) - Saturday, 28 March 2020, 08:31 GMT
Last edited by Daniel M. Capella (polyzen) - Friday, 18 February 2022, 05:49 GMT
Task Type Feature Request
Category Packages
Status Closed
Assigned To Johannes Löthberg (demize)
Daniel M. Capella (polyzen)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:
When `paccache` is executed without administrative privileges, it shows the message:
==> Privilege escalation required
and tries to escalate with `sudo` (al least on my system).
Instead `pacdiff` does not check execution privileges, and it fails when it tries to overwrite system files.

Additional info:
* package version: 1.3.0-1

Steps to reproduce:
Execute `pacdiff` and `paccache` without administrative privileges.
This task depends upon

Closed by  Daniel M. Capella (polyzen)
Friday, 18 February 2022, 05:49 GMT
Reason for closing:  Deferred
Additional comments about closing:  The next release will include a --sudo option. If you still would like to pursue this feature, please file an issue in the pacman-contrib repo:
https://gitlab.archlinux.org/pacman/pacm an-contrib/-/issues
Comment by Raimar Sandner (RonObvious) - Monday, 03 August 2020, 18:32 GMT
In general I understand the motivation for this feature request. However, may I suggest that obtaining root privileges for the whole process could be implemented with the possibility to opt out?

I am using pacdiff without sudo, forcing sudo would break a valid use case. The way I'm using pacdiff, I can run vim with all my favorite plugins, without being forced to run pacdiff and vim itself as root. Only when the file is read or written to and from the buffer or for deletion, sudo is invoked.

This is achieved by setting DIFFPROG=vimpacdiff, where vimpacdiff is a simple script:

#!/bin/bash
vim -c "SudoEdit ${1}" -c 'diffthis' -c 'vsplit' -c "SudoEdit ${2}" -c 'diffthis' -c 'diffupdate'

Here, the SudoEdit command comes from https://github.com/tpope/vim-eunuch.
When I'm done I call ':!sudo rm %' from within vim, which deletes the .pacnew, then I 'skip' the file in pacdiff.

So as I said, the choice to use sudo or not would be great. Even better, additionally the 'rm' and 'mv' could be made configurable in pacdiff as $RMPROG and $MVPROG environment variables, similar to $DIFFPROG. Then one could set these to 'sudo mv' and 'sudo rm' and enjoy the complete pacdiff workflow while adhering to the principle of least privilege.

Loading...