Not sure if I understand but nice if you can do it.
In other words, I am basically looking to square a circle. Sudo may or may not have such a feature. Here’s the pseudo code that I am looking for:
sudo $actual_command_to_run_with_sudo \
--sudo-to-user-communication-i.e.-authentication-request stdout(default) \
--sudo-to-user-communication-in-case-of-authentication-failure stderr(default) \
--stdout-of-actual_command_to_run_with_sudo /tmp/cmd-output.txt \
--stderr-of-actual_command_to_run_with_sudo /tmp/cmd-output.txt
The problem with this is that it hides from the user:
- sudo’s request to authenticate,
- sudo’s notification in case of authentication failure.
Maybe you mean or we could something like this:
rm -f ./sudo-output.text
touch ./sudo-output.text
## launch sudo into the background
sudo command 1>./sudo-output.text 2>&1
sudo_pid=$!
tail -f ./sudo-output.text &
tail_pid=$!
wait $sudo_pid || sudo_error_handling
kill -9 $tail_pid
This is rather complex and all of this for the corner case of maybe handful of users who fully disabled sudo credentials caching. So I doubt we should go for a complex and therefore error-prone solution. Got another idea…
This should work anyhwere:
Here’s the pseudo code:
## This code we already have:
log info "Testing root login"
root_cmd echo "Successful root login" ||
die 1 "Failed to run test command as root."
## Below we could add:
user_using_sudo_credential_caching=""
if sudo --non-interactive test -d /usr ; then
user_using_sudo_credential_caching=yes
fi
if [ ! "$user_using_sudo_credential_caching" = "yes" ]; then
log info "credential caching detected: no"
return 0
fi
log info "credential caching detected: yes"
sudo_output=$(root_cmd timeout --kill-after 5 5 test -d /usr 2>&1)
if [ "$sudo_output" = "" ]; then
log info "sudo output test success."
return 0
fi
log error "sudo output: '$sudo_output'"
die 105 "sudo output was expected to be empty but is actually non-empty. This is likely a system configuration issue."
bugs:
- In function
virtualbox_start_failed there is currently an issue:
The installer succeeded with download and import, but
But that function doesn’t really know that. If previously downloaded/imported, this is actually false.
I thought maybe I’ll get the information if the installer was downloading from should_download but that function might produce extraneous terminal output. Maybe should_download should be split into two functions, one for test only and one for output? Or set a variable there to indicate if an actual download took place so it can be checked later?
That function also doesn’t know if any import or re-import was done.
Another option would be to simplify the output of that function and just drop it but I think it’s quite useful as it’s supposed to be now?
--redownload (without additional options) is broken, doesn’t actually re-download if previously downloaded and already imported.
Version detection was broken due to Whonix version API changes.
Now fixed.
And new version uploaded just now.
function install_virtualbox_debian:
if test "${has_vboxmanage}" = "1" && test "${has_linux_headers}" = "1"; then
log notice "vboxmanage and ${linux_headers}"
install_virtualbox_debian_common_end
return 0
fi
This could use a comment why it’s done like this.
It might happen that vboxmanage is installed but VirtualBox-Qt is not.
I guess that’s to cover case where a user installed VirtualBox from the oracle repository already?
if test "${has_vboxmanage}" != "1"; then
log notice "Preparing to install VirtualBox"
install_backports_and_fasttrack_repository_debian
fasttrack_added=1
install_pkg virtualbox
fi
if test "${has_virtualbox_qt}" != "1"; then
log notice "Preparing to install VirtualBox-QT"
test "${fasttrack_added-}" != 1 && install_backports_and_fasttrack_repository_debian
install_pkg virtualbox-qt
fi
I think we don’t need both, because since virtualbox is a dependency of virtualbox-qt, installing virtualbox-qt alone would be sufficient?
log notice "Installing packages required for backports and fasttrack repository."
install_pkg apt-transport-https ca-certificates fasttrack-archive-keyring
Tiny bug. Because if these packages are installed, no more feedback is given, which makes it seem a bit weird.
log info "If you would like to redownload the image, read about --redownload (safe)."
log info "If you would like to reimport the image, read about --reimport (danger)."
Should that be log notice so its shown by default and easier to learn about for users?
New version uploaded just now.
Added some more minor improvements and refactoring.
New version was uploaded.
Thanks to @grass now also only VirtualBox can be installed without installing Kicksecure or Whonix:
New version was uploaded.
1 Like
The Whonix Linux Installer is now capable to install VirtualBox on Debian bookworm.
New version was uploaded just now.
1 Like
Merged your repository adding refactoring.
Fixed a syntax error.
CI success.
Uploaded new version just now.
bug: a few extraneous messages.
whonix-installer-xfce --reimport --testers --destroy-existing-guest -n
whonix-installer-xfce: [NOTICE]: If you would like to redownload the image, read about --redownload (safe).
whonix-installer-xfce: [NOTICE]: If you would like to reimport the image, read about --reimport (danger).
Just some minor things, perfections… I am wondering if we can standardize or at least improve the output format.
One thing I am pretty sure about.
kicksecure-installer-xfce: [NOTICE]: Detected architecture: x86_64.
kicksecure-installer-xfce: [NOTICE]: Detected system: Linux.
The trailing dot seems unnecessary in a format:
Test name: test result
Other useful improvements? Test results always within single quotes (')? Example:
kicksecure-installer-xfce: [NOTICE]: Detected system: ‘Linux’
When to use underline?
When to use bold?
Maybe consistent use isn’t warranted as some things are to be specifically highlighted because specifically important.
kicksecure-installer-xfce: [NOTICE]: Detecting guest version…
kicksecure-installer-xfce: [NOTICE]: User defined, dry_run or dev version already configured. Autodetection form API not required.
These are a bit inconsistent because these don’t use the format:
Test or action name name: details