Reversed the way sudo is used.

2025-06-08 17:01:18 -05:00 · 2025-06-08 17:01:18 -05:00 · da0342c486
commit da0342c486
parent 144fa010cb
2 changed files with 65 additions and 49 deletions
--- a/configure-machine.sh
+++ b/configure-machine.sh
@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/bash -x


 # This script configures converted Lenovo N42 ChromeBooks loaded with Linux Mint XFCE.
@ -7,42 +7,40 @@
 function configureMachine() {

 	# Update everything.
-	apt-get -y update
-	apt-get -y upgrade
-	apt-get -y dist-upgrade
-	apt-get -y autoremove
+	sudo apt-get -y update
+	sudo apt-get -y upgrade
+	sudo apt-get -y dist-upgrade
+	sudo apt-get -y autoremove
 	
 	# Tools for us.
-	apt-get -y install mc joe openssh-server
+	sudo apt-get -y install mc joe openssh-server byobu
 	
 	# Disable screensaver/blanking/dimming.
 	xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-enabled -t bool -s false --create
-	xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/blank-on-ac -s 0 --create
-	xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/brightness-on-ac -s 9 --create
-	xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/brightness-level-on-ac -s 100 --create
+	xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/blank-on-ac -t int -s 0 --create
+	xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/brightness-on-ac -t int -s 9 --create
+	xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/brightness-level-on-ac -t int -s 100 --create
 	
 	# Change clock format.
 	plugin_name="$( xfconf-query -c xfce4-panel -p /plugins -lv | grep -E '/plugins/plugin-[0-9]+.*clock' | cut -d" " -f '1-1' )"
-	xfconf-query -c xfce4-panel -p ${plugin_name}/digital-time-format -t "string" -s '%l:%M:%S %P' --create
-	xfconf-query -c xfce4-panel -p ${plugin_name}/digital-date-format -t "string" -s '%b %d, %Y' --create
+	xfconf-query -c xfce4-panel -p ${plugin_name}/digital-time-format -t string -s '%l:%M:%S %P' --create
+	xfconf-query -c xfce4-panel -p ${plugin_name}/digital-date-format -t string -s '%b %d, %Y' --create

 	# Disable unneeded desktop services.
-	mkdir -p /home/${SUDO_USER}/.config/autostart
+	mkdir -p /home/${USER}/.config/autostart
 	declare -a disable=("light-locker" "mintreport" "mintupdate" "mintwelcome" "nvidia-prime" "sticky" "warpinator-autostart")
 	for i in "${disable[@]}"; do
-		echo -e "[Desktop Entry]\nHidden=True\n" > /home/${SUDO_USER}/.config/autostart/${i}.desktop
+		echo -e "[Desktop Entry]\nHidden=True\n" > /home/${USER}/.config/autostart/${i}.desktop
 	done
-	chown -R ${SUDO_USER}:${SUDO_USER} /home/${SUDO_USER}/.config/autostart
 	
 	# Install Moonlight.
-	flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
-	flatpak install -y flathub com.moonlight_stream.Moonlight
+	sudo flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
+	sudo flatpak install -y flathub com.moonlight_stream.Moonlight

 	# Configure Moonlight.
-	sudo -i -u ${SUDO_USER} flatpak run com.moonlight_stream.Moonlight quit   # This generates the ~/.var/ structure for the config.
+	flatpak run com.moonlight_stream.Moonlight quit   # This generates the ~/.var/ structure for the config.
 	wget https://forge.duensing.digital/Duensing_Digital/chromebook-linux/raw/branch/master/Moonlight.conf
-	chown ${SUDO_USER}:${SUDO_USER} Moonlight.conf
-	mv Moonlight.conf "/home/${SUDO_USER}/.var/app/com.moonlight_stream.Moonlight/config/Moonlight Game Streaming Project/."
+	mv Moonlight.conf "/home/${USER}/.var/app/com.moonlight_stream.Moonlight/config/Moonlight Game Streaming Project/."

 	# Add icon to desktop
 	cat <<- ICON > /home/${SUDO_USER}/Desktop/Moonlight.desktop
@ -51,68 +49,79 @@ function configureMachine() {
 		Type=Application
 		Name=Moonlight
 		Comment=Game Streaming Client
-		Exec=/home/${SUDO_USER}/moonlight.sh
+		Exec=/home/${USER}/moonlight.sh
 		Icon=network-idle
-		Path=/home/${SUDO_USER}
+		Path=/home/${USER}
 		Terminal=false
 		StartupNotify=false
 	ICON
-	chown ${SUDO_USER}:${SUDO_USER} /home/${SUDO_USER}/Desktop/Moonlight.desktop


-:<<SKIP	
 	# Make Moonlight run on startup.
-	ln -s /home/${SUDO_USER}/Desktop/Moonlight.desktop /home/${SUDO_USER}/.config/autostart/.
-	chown -R ${SUDO_USER}:${SUDO_USER} /home/${SUDO_USER}/.config/autostart/Moonlight.desktop
-SKIP
+	#ln -s /home/${USER}/Desktop/Moonlight.desktop /home/${USER}/.config/autostart/.
 	
 	# Remove unnwanted software.
-	apt-get -y purge evolution-data-server
+	sudo apt-get -y purge evolution-data-server

-	# Create auto-update script.
-	apt-get -y install shc
-	cat <<- UPDATE > /home/${SUDO_USER}/unsafe-update.sh
+	# Create auto-update scripts.
+	sudo apt-get -y install shc
+	cat <<- UPDATE > /home/${USER}/unsafe-update.sh
 		#!/bin/bash
 		###
 		### THIS IS TOTALLY NOT A SECURE WAY TO UPDATE ANYTHING! ###
 		###
-		if [[ -f unsafe-update-payload.sh ]]; then
-			rm -f unsafe-update-payload.sh
-		fi
-		wget https://forge.duensing.digital/Duensing_Digital/chromebook-linux/raw/branch/master/unsafe-update-payload.sh
-		if [[ -f unsafe-update-payload.sh ]]; then
-			source unsafe-update-payload.sh
-			unsafeUpdate
+		echo "Waiting for network."
+		while [ "$(hostname -I)" = "" ]; do
+			sleep 1
+		done
+		sleep 3
+		if [[ ${EUID} -eq 0 ]]; then
+			if [[ -f unsafe-update-payload.sh ]]; then
+				source unsafe-update-payload.sh
+				unsafeUpdateRoot
+			fi			
+		else
+			if [[ -f unsafe-update-payload.sh ]]; then
+				rm -f unsafe-update-payload.sh
+			fi
+			wget https://forge.duensing.digital/Duensing_Digital/chromebook-linux/raw/branch/master/unsafe-update-payload.sh
+			if [[ -f unsafe-update-payload.sh ]]; then
+				source unsafe-update-payload.sh
+				unsafeUpdate
+			fi
+			./unsafe-update-root.sh.x
 		fi
 	UPDATE
-	shc -S -f /home/${SUDO_USER}/unsafe-update.sh
-	chmod u+s /home/${SUDO_USER}/unsafe-update.sh.x
-	rm /home/${SUDO_USER}/unsafe-update.sh.x.c
+	# Compile root update script so it can be suid.
+	shc -S -f /home/${USER}/unsafe-update.sh
+	cp -f /home/${USER}/unsafe-update.sh.x /home/${USER}/unsafe-update-root.sh.x
+	sudo chown root:root /home/${SUDO_USER}/unsafe-update-root.sh.x
+	sudo chmod u+s /home/${SUDO_USER}/unsafe-update-root.sh.x
+	rm /home/${USER}/unsafe-update-root.sh.x.c

 	# Add auto update icon to autostart.
-	cat <<- ICON > /home/${SUDO_USER}/.config/autostart/AutoUpdate.desktop
+	cat <<- ICON > /home/${USER}/.config/autostart/AutoUpdate.desktop
 		[Desktop Entry]
 		Version=1.0
 		Type=Application
 		Name=Auto Update
 		Comment=Duensing Digital Client Auto Update
-		Exec=/home/${SUDO_USER}/unsafe-update.sh.x
+		Exec=/home/${USER}/unsafe-update.sh.x
 		Icon=mintupdate-type-backport
-		Path=/home/${SUDO_USER}
+		Path=/home/${USER}
 		Terminal=true
 		StartupNotify=false
 	ICON
-	chown ${SUDO_USER}:${SUDO_USER} /home/${SUDO_USER}/.config/autostart/AutoUpdate.desktop
 	
 	# Reboot!
-	reboot
+	sudo reboot
 }


-if [[ ${EUID} -ne 0 ]]; then
-	echo "${0} must be run as root."
+if [[ ${EUID} -eq 0 ]]; then
+	echo "${0} must NOT be run as root."
 	exit 1
 fi

 # All the config is in a function so we can stream this script from forge.duensing.digital.
-configureMachine
+configureMachine 2>&1 | tee /home/${SUDO_USER}/configureMachine.log
--- a/unsafe-update-payload.sh
+++ b/unsafe-update-payload.sh
@ -1,4 +1,11 @@
 function unsafeUpdate() {
+
+	# Additional updates that require 'user'.
+	true
+}
+
+
+function unsafeUpdateRoot() {
 	# Handle system updates.
 	apt-get update
 	apt-get -fy upgrade
@ -8,5 +15,5 @@ function unsafeUpdate() {
 		shutdown -r now 
 	fi
 	
-	# Additional updates.
+	# Additional updates that require root.
 }