From 087b96efc11a66092f6d3287d43565d63446dbf7 Mon Sep 17 00:00:00 2001
From: Chris Jackson
Date: Fri, 24 Jan 2025 17:58:21 +0000
Subject: [PATCH] feat: doas is no more
---
 README.md | 7 ++-----
 create_server_installer.py | 19 -------------------
 2 files changed, 2 insertions(+), 24 deletions(-)
diff --git a/README.md b/README.md
index 4f37b32..e81b463 100644
--- a/README.md
+++ b/README.md
@@ -5,8 +5,6 @@ the following sane open-source solution.
 * [SquashFS](https://en.wikipedia.org/wiki/SquashFS)
 * With the json manifest located inside the image `_deploy/push.json`
-* [OpenDoas](https://wiki.archlinux.org/title/Doas)
- * To allow deploy user to run the script as root, it is a lot safer than SUDO and Polkit.
 * [Minisign](https://jedisct1.github.io/minisign/)
 * For image and user verification, the public key is cherry picked by the client `username@hostname`, as mentioned earlier it a stateless system.
@@ -22,7 +20,6 @@ File: `build.py`
 ```python
 #!/usr/bin/env python3
 import os
-import shutil
 import sys
 project_path = ""
@@ -126,8 +123,8 @@ run-deploy currently has three editions.
 ### remote-incus
 * python3.11
+* systemd
 * squashfuse
-* doas
 * dash
 * minisign
 * incus
@@ -135,8 +132,8 @@ run-deploy currently has three editions.
 ### remote-metal
 * python3.11
+* systemd
 * squashfuse
-* doas
 * dash
 * minisign
diff --git a/create_server_installer.py b/create_server_installer.py
index 9199514..0d73598 100755
--- a/create_server_installer.py
+++ b/create_server_installer.py
@@ -59,8 +59,6 @@
 # Enable strict mode by default
 pathlib.Path("opt/run-deploy/options/strict").write_text("strict", 'utf-8')
-doas_permission = []
-
 uv_stub = None
 if toml_config.get("uv", False):
 uv_stub = pathlib.Path(f"{current_path}/uv_stub.py").read_text("utf-8").strip() + "\n"
@@ -80,14 +78,6 @@ def copy(src: str, dest: str):
 run_deploy_target_path = f"opt/run-deploy/bin/{os.path.basename(run_deploy_path).removesuffix('.py')}"
 copy(run_deploy_path, run_deploy_target_path)
 os.chmod(run_deploy_target_path, 0o700)
- if run_deploy_target_path.endswith("-cli"):
- doas_permission.append(
- f"permit nopass setenv {{ RUN_DEPLOY_TOKEN RUN_DEPLOY_KEY }} {toml_config['deploy_user']} as root cmd /{run_deploy_target_path}"
- )
- else:
- doas_permission.append(
- f"permit nopass {toml_config['deploy_user']} as root cmd /{run_deploy_target_path}"
- )
 if os.path.exists(f"{current_path}/{toml_config['edition']}/_opt"):
 shutil.copytree(f"{current_path}/{toml_config['edition']}/_opt", "opt/run-deploy", dirs_exist_ok=True)
@@ -111,10 +101,6 @@ def copy(src: str, dest: str):
 systemd_symlinks = "\n".join(systemd_symlinks)
 systemd_cmd = "\n".join(systemd_cmd)
-doas = pathlib.Path("opt/run-deploy/etc/doas.conf")
-doas.write_text("\n".join(doas_permission), 'utf-8')
-doas.chmod(0o400)
-
 update = pathlib.Path("update.sh")
 update.write_text("""#!/bin/dash
 cp -p opt/run-deploy/bin/* /opt/run-deploy/bin
@@ -141,11 +127,6 @@ def copy(src: str, dest: str):
 cp /opt/run-deploy/ssh/authorized_keys /home/{toml_config['deploy_user']}/.ssh
 chown root:{toml_config['deploy_user']} /home/{toml_config['deploy_user']}/.ssh/authorized_keys
-# Copy doas
-chmod 600 /etc/doas.conf 2> /dev/null
-cat /opt/run-deploy/etc/doas.conf >> /etc/doas.conf
-chmod 400 /etc/doas.conf
-
 exit 0
 """, 'utf-8')
 install.chmod(0o755)