update hooks: migrate sudoers tweaks with older chroots

The make_chroot script was upgraded to add its customizations to a file in /etc/sudoers.d/ instead of modifying /etc/sudoers. Then the sudo ebuild was updated to not modify /etc/sudoers anymore. This meant for older chroots, the customizations that make_chroot added were lost in the process. Add an upgrade hook that creates the split /etc/sudoers.d/ file for older chroots that did not go through the newer make_chroot. BUG=chromium-os:11991 TEST=set chroot to 16, deleted file, ran build_packages: chroot updated to 17 and created correct /etc/sudoers.d/90_cros file TEST=set chroot to 17, create /etc/sudoers.d/90_cros, ran build_packages: chroot updated to 17 and left existing file alone Change-Id: I279ac3e15380e02b50a752a62cecbd94171fd724 Reviewed-on: https://gerrit.chromium.org/gerrit/11774 Reviewed-by: David James <davidjames@chromium.org> Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org>
2025-08-08 05:26:58 +02:00 · 2011-11-16 13:20:22 -05:00 · 2011-11-16 13:20:22 -05:00 · 48edc99a55
commit 48edc99a55
parent 2d7d6fd17b
1 changed files with 32 additions and 0 deletions
--- a/chroot_version_hooks.d/17_sudo_90_cros
+++ b/chroot_version_hooks.d/17_sudo_90_cros
@ -0,0 +1,32 @@
+# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+# Older chroots used to tweak /etc/sudoers directly, but we split that
+# off into files in /etc/sudoers.d/.  One of those is handled by the
+# make_chroot helper, so make sure we upgrade old chroots which missed
+# the migration to /etc/sudoers.d/90_cros.
+frag="/etc/sudoers.d/90_cros"
+if [ ! -e ${frag} ]; then
+  tmp=$(mktemp 2>/dev/null || echo /tmp/17_upgrade_hook.$$)
+  cat <<EOF > "${tmp}" || exit 1
+Defaults env_keep += CROS_WORKON_SRCROOT
+Defaults env_keep += CHROMEOS_OFFICIAL
+Defaults env_keep += PORTAGE_USERNAME
+Defaults env_keep += http_proxy
+Defaults env_keep += ftp_proxy
+Defaults env_keep += all_proxy
+%adm ALL=(ALL) ALL
+root ALL=(ALL) ALL
+$USER ALL=NOPASSWD: ALL
+EOF
+  cmds=(
+    "mkdir -p -m 0750 '${frag%/*}'"
+    "chmod 0440 '${tmp}'"
+    "chown root:root '${tmp}'"
+    "mv '${tmp}' '${frag}'"
+  )
+  sudo_multi "${cmds[@]}"
+fi
+
+exit 0