diff --git a/setup/arch-autoinstall.sh b/setup/arch-autoinstall.sh index cc16119..8911ad0 100755 --- a/setup/arch-autoinstall.sh +++ b/setup/arch-autoinstall.sh @@ -626,7 +626,15 @@ if [[ "${RUN_TUI^^}" == "YES" ]]; then # Grant passwordless sudo temporarily so the TUI installer can call pacman/yay # without needing a password inside the chroot (the real sudoers is already set). # The file is removed immediately after the TUI exits. - echo "${USERNAME} ALL=(ALL) NOPASSWD: ALL" \ + # + # Two lines are needed, not just a NOPASSWD command rule: + # * ` ALL=(ALL:ALL) NOPASSWD: ALL` makes `sudo ` passwordless. + # * `Defaults: !authenticate` makes `sudo -v` passwordless too. Several + # installers (starship, rustup, …) call `sudo -v` to pre-authorise, and that + # check demands a password whenever the user has ANY password-required + # sudoers entry — which tester does, via the wheel rule in 10-wheel. Without + # !authenticate the TUI stalls on a hidden `[sudo] password` prompt. + printf 'Defaults:%s !authenticate\n%s ALL=(ALL:ALL) NOPASSWD: ALL\n' "$USERNAME" "$USERNAME" \ | arch-chroot /mnt tee /etc/sudoers.d/99-setup-nopasswd > /dev/null arch-chroot /mnt chmod 0440 /etc/sudoers.d/99-setup-nopasswd diff --git a/setup/archbaseos-guided-install.sh b/setup/archbaseos-guided-install.sh index 12f653c..2ba2f6f 100755 --- a/setup/archbaseos-guided-install.sh +++ b/setup/archbaseos-guided-install.sh @@ -628,7 +628,10 @@ _DO_TUI="${RUN_TUI}" if [[ "${_DO_TUI^^}" == "YES" ]]; then # Grant temporary passwordless sudo so the TUI installer can call pacman/yay # inside the chroot without a password. Removed immediately after the script exits. - echo "${USERNAME} ALL=(ALL) NOPASSWD: ALL" \ + # `Defaults: !authenticate` is required alongside the NOPASSWD command + # rule: installers like starship/rustup call `sudo -v`, which still demands a + # password whenever the user has any password-required entry (the wheel rule). + printf 'Defaults:%s !authenticate\n%s ALL=(ALL:ALL) NOPASSWD: ALL\n' "$USERNAME" "$USERNAME" \ | arch-chroot /mnt tee /etc/sudoers.d/99-setup-nopasswd > /dev/null arch-chroot /mnt chmod 0440 /etc/sudoers.d/99-setup-nopasswd