search

topgrade-rs / topgrade

Upgrade all the things
GNU General Public License v3.0
1.95k stars 127 forks source link

Ask for all passwords at start #830

Open Bouni opened 3 months ago

Bouni commented 3 months ago

I want to suggest some general feature

Topgrade should ask for all passwords before the actual updates ar run. This would allow for kind of an unattended update experience. Otherwise I have to sit and wait for the next remote host password getting asked ...

SteveLauC commented 3 months ago

A blind think tells me that this is not something easy to implement, some questions in my mind:

  1. Where to store the password? On some OSes, there are system level keychain support, e.g., macOS, Windows, Linux(GNOME and KDE), other platforms do not have these thing.
  2. How can Topgrade know a step (child process) is asking for a user input? Maybe we can check the child process's state?
  3. How can Topgrade "input" the password? On UNIX platforms, a command may read input from stdin, or the process's controlling terminal directly
Bouni commented 3 months ago

I don't know how it is determined at the moment that a password is needed, especially if I have set pre_sudo = true. With that option, do you ask for the sudo password anyway even if it not needed? Is a child process started for every host to update? Can these processes only be handled after each other? If not can you first handle the pre_sudo for every child process before you actaull run the updates on them?

SteveLauC commented 3 months ago

I don't know how it is determined at the moment that a password is needed, especially if I have set pre_sudo = true.

I think a command after sudo does not require a password input, it requires privilege, sudo requires the password to enable the privilege. pre_sudo works here because sudo caches this privilege so that another password is not needed if the cached privilege is not expired.

With that option, do you ask for the sudo password anyway even if it not needed?

It is provided by sudo, not Topgrade, and sudo won't store your password, see this for more info: https://askubuntu.com/a/190320/1417245

Is a child process started for every host to update? Can these processes only be handled after each other? If not can you first handle the pre_sudo for every child process before you actaull run the updates on them?

Looks like you are talking about remote execution (via ssh), if so, pre_sudo only works on the current host (since it requires your current user's login password), it is not related to remote execution.