Pamac in a shell script

BaumiCoder · 14 September 2024 16:10

I want to write a shell script to set up some stuff on my new Manjaro machines. Installing some packages (incl. AUR) is a main part of it. I want to use the default package manager pamac for this. To avoid user interaction for every install command, I use --no-confirm and the whole script is executed with root privileges (with sudo).

Now I found that warning in the documentation:

Using sudo with pamac can have undesirable effects, especially when building packages. if in doubt, don’t use sudo. Pamac will ask for escalated rights if needed.

If I understand that correctly, running my shell script with root privileges is a bad idea. How to avoid user interactions for higher privileges without running the script with root privileges?

For testing purposes, I already installed vscodium-bin (AUR) with sudo pacman build. With the first update of this package I encountered already a problem. Updating with pamac GUI failed, because the repository could not be cloned. Running the update with pamac CLI was possible. Is the installation with sudo maybe the reason for such a problem?

megavolt · 14 September 2024 17:58

With Polkit, what Pamac uses, you have to configure it. See: polkit - ArchWiki

Get the Action ID:

 pkaction | grep pamac

Add file: /etc/polkit-1/rules.d/49-nopasswd_pamac.rules

polkit.addRule(function(action, subject) {
    if (action.id == "org.manjaro.pamac.commit" &&
        subject.isInGroup("wheel"))
    {
        return polkit.Result.YES;
    }
});

Now every user who is in group wheel (so called Admin) can use pamac passwordless.

BaumiCoder · 15 September 2024 07:29

Okay, this works. So without sudo there is no user interaction necessary anymore.

My script is running with root privileges because of other tasks, which need them. To run as a normal user again, I have to call pamac like this:

user=username # Name of a user in the wheel group
runAsUser="runuser $user --login -s /bin/sh -c"
install="$runAsUser pamac install --no-confirm"
# Example usage:
$install thunderbird

So a configuration to be able to use root would be nicer, but it works.

I only want to have the passwordless modus for pamac during the run of my script. Is there a smoother way to achieve this than deleting the configuratin file at the end of the script?

megavolt · 15 September 2024 08:05

No. Pamac was developed as GUI, afterward there came the CLI. So keep in mind that the priority here is the GUI.

CLI-only programs are more suitable to your needs. Use pacman for official packages and yay (or whatever) to install AUR packages.

Besides that, it is a terrible practice to run the whole user script as root and not only parts of it as needed. In most cases, this is just pure laziness on the part of the author.

BaumiCoder:

user=username # Name of a user in the wheel group
runAsUser="runuser $user --login -s /bin/sh -c"
install="$runAsUser pamac install --no-confirm"
# Example usage:
$install thunderbird

RunAsRoot () { sudo --login --user=root "$@"; }
InstallPackage () { pamac install --no-confirm "$@"; }
# Example usage:
InstallPackage thunderbird
RunAsRoot whoami

Anyway, good success

BaumiCoder · 15 September 2024 08:27

I already thought about this approach, but later I want to update everything with pamac GUI. Is it a good Idea to install with pacman / yay and update with pamac or could the lead to any problems?

interesting approach When and how often the user is asked for the sudo password?

megavolt · 15 September 2024 08:37

It makes no difference to the end result.

sudo will remember the password for 5min by default and don’t ask again within this time space. Timeout can be increased.

system · 18 September 2024 08:38

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.