dyne / tomb

the Crypto Undertaker
https://dyne.org/software/tomb
GNU General Public License v3.0

Tomb fails if sudo is not installed #498

Open JonasVautherin opened 11 months ago

JonasVautherin commented 11 months ago

Tomb is supposed to support alternatives to sudo (e.g. doas), but the script fails if sudo is not installed. I have seen it fail in two places:

  1. in _ensure_dependencies():
    for req in cryptsetup pinentry sudo gpg mkfs.ext4 e2fsck; do

Maybe sudo should not be in that list? Also I am not completely sure if that list should exist: I tried to run it from an Alpine container, and other dependencies were missing (including losetup, e2fsprogs). To me it feels like the system package manager should take care of the dependencies. Or at least maybe _ensure_dependencies() could check the value of --sudo?

  2. Still in _ensure_dependencies, this fails for me if I don't have sudo installed (even if I specify --sudo doas):
    [[ "$SUDO" == "sudo" ]] && {
        command -v sudo 1>/dev/null 2>/dev/null ||
        _failure "No privilege escalation tool found, not even sudo"
    }

Same as above, maybe it could be solved by checking --sudo?

Other than that, it works for me with --sudo doas :+1:. I would be happy to make a patch, test it and open a PR, but I'd like to have your opinion first. Can it just use option_is_set --sudo in _ensure_dependencies()?

amalgame21 commented 11 months ago

Hi! Do you encounter the problem that I have in #470 while using --sudo doas?

JonasVautherin commented 11 months ago

> Do you encounter the problem that I have in #470 while using --sudo doas?

I do, yes, but I thought it would be the next problem to solve :see_no_evil:. I am using OpenDoas on Alpine.

Do you have the problem I have above?

amalgame21 commented 11 months ago

Yes, I have the same problem as you mentioned above, but I installed doas-sudo-shim to get around it, which is just a shim for the sudo command that utilizes doas. Seems you are also using OpenDoas from Duncaen, same as mine.

JonasVautherin commented 11 months ago

> but I installed doas-sudo-shim to get around it

Right, sounds like a valid workaround. In my case I really would like to fix the tomb script, because ideally I would like to make and maintain a package for Alpine.

jaromil commented 10 months ago

Hi @JonasVautherin! Thanks for this and the other report. You are welcome to file a PR with the fix you propose here; also remove sudo from the list of requirements.

The req check is there to issue an error before processing in case vital system components are missing, else tomb would proceed processing and perhaps hang in the middle of it (mapper without mount, etc.) with third-party error messages. We cannot rely on packaging for requirements; many of us use tomb as a simple drop-in script.
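
The approach discussed in this thread (drop sudo from the fixed requirement list and check whichever escalation tool was selected, while still failing early), as an added example that is not part of the thread or of tomb's code. The function names are hypothetical, the requirement list is the one quoted in the issue minus sudo, and the sketch is written in POSIX sh:

```sh
# Added example, not tomb's code. Function names are hypothetical.

# Print every command named in the arguments that is not found in PATH.
# The body runs in a subshell so the loop variable does not leak.
missing_commands() (
    for cmd in "$@"; do
        command -v "$cmd" >/dev/null 2>&1 || printf '%s ' "$cmd"
    done
)

# check_dependencies [ESCALATION_TOOL]
# Verifies the fixed requirements plus the escalation tool the user selected
# (default: sudo), so a doas-only system passes when doas is selected.
# Reports the missing tools on stderr and returns non-zero if any are absent,
# before any privileged operation has started.
check_dependencies() (
    escalate="${1:-sudo}"
    missing=$(missing_commands cryptsetup pinentry gpg mkfs.ext4 e2fsck "$escalate")
    if [ -n "$missing" ]; then
        printf 'Missing required tools: %s\n' "$missing" >&2
        exit 1
    fi
)
```
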