Add option to run sudo -v in a loop to prevent repeated password entries (MR 1997)

Many of pmbootstrap's actions require root rights. When after requesting
sudo access pmbootstrap takes longer than the sudo timeout interval to finish
execution, the password will have to be entered again on the next sudo
action.

This change adds an opt-in feature to run sudo -v in a background loop
in order to prevent having to enter the password more than once for a single
pmbootstrap run. The loop runs as a daemon timer which automatically gets
canceled when pmbootstrap exits.

Closes: #1677
This commit is contained in:
Johannes Marbach 2020-11-30 14:08:29 +01:00
parent 8842a7d5c0
commit 1eac61bcf7
No known key found for this signature in database
GPG key ID: 5AE7F5513E0885CB
5 changed files with 49 additions and 11 deletions

View file

@ -5,6 +5,7 @@ import logging
import selectors
import subprocess
import sys
import threading
import time
import os
import pmb.helpers.run
@ -217,6 +218,31 @@ def check_return_code(args, code, log_message):
raise RuntimeError("Command failed: " + log_message)
def sudo_timer_iterate():
"""
Run sudo -v and schedule a new timer to repeat the same.
"""
subprocess.Popen(["sudo", "-v"]).wait()
timer = threading.Timer(interval=60, function=sudo_timer_iterate)
timer.daemon = True
timer.start()
def sudo_timer_start(args):
"""
Start a timer to call sudo -v periodically, so that the password is only
needed once.
"""
if "sudo_timer_active" in args.cache:
return
args.cache["sudo_timer_active"] = True
sudo_timer_iterate()
def core(args, log_message, cmd, working_dir=None, output="log",
output_return=False, check=None, sudo=False, disable_timeout=False):
"""
@ -277,6 +303,9 @@ def core(args, log_message, cmd, working_dir=None, output="log",
"""
sanity_checks(output, output_return, check)
if args.sudo_timer and sudo:
sudo_timer_start(args)
# Log simplified and full command (pmbootstrap -v)
logging.debug(log_message)
logging.verbose("run: " + str(cmd))