#!/bin/bash

## Copyright (C) 2022 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

set -x
set -e

true "$0: START"

true "$0: INFO: This program is for debugging and developers-only."

if [ ! "$1" = "force" ]; then
   true "$0: ERROR: No argument given!" >&2
   exit 1
fi

if ! sudo test -d /usr ; then
  true "\
$0: ERROR: Either:
- sudo is not installed.
- Wrong sudo password has been entered.
- sudo is inaccessible. This program MUST be run in SYSMAINT session."
  exit 1
fi

if [ -f /usr/share/qubes/marker-vm ]; then
  sudo passwordless-root --qubes-rw
else
  sudo passwordless-root
fi

privleapd --check-config

## https://www.kicksecure.com/wiki/Sysmaint#enable_sudo_access_in_USER_session
sudo append-once /etc/privleap/conf.d/privleap-debugging.conf "\
[action:sudo]
Command=/usr/libexec/helper-scripts/sudo-tools-enable
AuthorizedGroups=sudo
AuthorizedUsers=user
"

privleapd --check-config
sudo systemctl restart privleapd.service
privleapd --check-config

leaprun sudo

true "$0: END: OK"
