From 1a401b58cb8b0519e4abbf8abf180d50cb18077f Mon Sep 17 00:00:00 2001
From: Tobias Ulmer <tu@emlix.com>
Date: Mon, 25 Jun 2018 20:08:25 +0200
Subject: [PATCH] Add optional sudo support to e2factory

Once sudo is enable, e2-su-2.2 suid permissions can be removed and set
to 755.

Signed-off-by: Tobias Ulmer <tu@emlix.com>
---
 INSTALL              |  9 +++++++--
 doc/man/e2.conf.5.in |  8 +++++++-
 generic/e2lib.lua    | 26 +++++++++++++++++++++++++-
 generic/tools.lua    |  1 +
 4 files changed, 40 insertions(+), 4 deletions(-)

diff --git a/INSTALL b/INSTALL
index ca985c5..ca2d1b7 100644
--- a/INSTALL
+++ b/INSTALL
@@ -13,8 +13,13 @@ First make sure that the following packages are installed in your system
 
 More packages are required but usually installed by default.
 
-e2factory uses a unix group named ebs by default. All users of e2factory
-must belong to that group. Create the group.
+e2factory requires root permissions to build in a chroot environment.
+It uses the suid helper e2-su-2.2 belonging to the unix group "ebs".
+
+Alernatively users can configure the use of sudo without password and
+set e2-su-2.2 permissions to 755. Check the manual for further details.
+
+All users of e2factory must belong to the ebs group. Create the group.
 
   groupadd ebs
 
diff --git a/doc/man/e2.conf.5.in b/doc/man/e2.conf.5.in
index 1e63125..70d4d1d 100644
--- a/doc/man/e2.conf.5.in
+++ b/doc/man/e2.conf.5.in
@@ -73,7 +73,7 @@ config {
     }
   },
   tools = {
-    ["<tool-name>"] = { name="<string>", flags="<string>" },
+    ["<tool-name>"] = { name="<string>", flags="<string>", enable=<bool> },
     ...
   },
   cache = {
@@ -187,6 +187,12 @@ Type: String
 .br
 Flags/arguments to be passed to the tool.
 
+.TP
+.BR enable
+Type: Boolean
+.br
+Enables or disables the use of an optional tool.
+
 .TP
 .BR cache
 Type: Table
diff --git a/generic/e2lib.lua b/generic/e2lib.lua
index 0606af3..836cfab 100644
--- a/generic/e2lib.lua
+++ b/generic/e2lib.lua
@@ -2466,8 +2466,32 @@ end
 -- @return bool
 function e2lib.e2_su_2_2(argv)
     assert(type(argv) == "table")
+    local rc, re
+
+    rc, re = e2lib.get_global_config()
+    if not rc then
+        return false, re
+    end
+
+    rc, re = tools.enabled("sudo")
+    if rc then
+        local cmd
 
-    return e2lib.call_tool_argv("e2-su-2.2", argv)
+        cmd, re = tools.get_tool_flags_argv("e2-su-2.2")
+        if not cmd then
+            return false, re
+        end
+
+        for _,arg in ipairs(argv) do
+            table.insert(cmd, arg)
+        end
+
+        table.insert(cmd, 1, "--")
+
+        return e2lib.call_tool_argv("sudo", cmd)
+    else
+        return e2lib.call_tool_argv("e2-su-2.2", argv)
+    end
 end
 
 --- call the tar command
diff --git a/generic/tools.lua b/generic/tools.lua
index 099ed8d..f53a66b 100644
--- a/generic/tools.lua
+++ b/generic/tools.lua
@@ -312,6 +312,7 @@ function tools.add_default_tools()
         unzip = { name = "unzip", flags = "", optional = false },
         ["e2-su-2.2"] = { name = buildconfig.BINDIR .. "/e2-su-2.2",
         flags = "", optional = false },
+        sudo = { name = "sudo", optional = true, enable = false },
     }
 
     for name, t in pairs(defaults) do
-- 
2.39.5