diff --git a/scripts/digital_wellbeing/pacman/install_pacman_wrapper.sh b/scripts/digital_wellbeing/pacman/install_pacman_wrapper.sh
index 0f3b58f..a1a1c9b 100755
--- a/scripts/digital_wellbeing/pacman/install_pacman_wrapper.sh
+++ b/scripts/digital_wellbeing/pacman/install_pacman_wrapper.sh
@@ -89,15 +89,25 @@ chmod 755 "$INTEGRITY_DIR"
 # Generate checksums of policy files for integrity verification
 echo -e "${BLUE}Generating integrity checksums for policy files...${NC}"
+
+# Ensure all critical policy files exist before checksumming
+missing_files=()
+[[ ! -f "$BLOCKED_DEST" ]] && missing_files+=("$BLOCKED_DEST")
+[[ ! -f "$GREYLIST_DEST" ]] && missing_files+=("$GREYLIST_DEST")
+
+if [[ ${#missing_files[@]} -gt 0 ]]; then
+ echo -e "${RED}Error: Critical policy files are missing:${NC}"
+ printf '%s\n' "${missing_files[@]}" >&2
+ echo -e "${RED}Installation incomplete. Cannot create integrity file.${NC}"
+ exit 1
+fi
+
 {
- if [[ -f "$BLOCKED_DEST" ]]; then
- sha256sum "$BLOCKED_DEST" || { echo -e "${RED}Failed to checksum blocked list${NC}"; exit 1; }
- fi
- if [[ -f "$GREYLIST_DEST" ]]; then
- sha256sum "$GREYLIST_DEST" || { echo -e "${RED}Failed to checksum greylist${NC}"; exit 1; }
- fi
+ sha256sum "$BLOCKED_DEST" || { echo -e "${RED}Failed to checksum blocked list${NC}" >&2; exit 1; }
+ sha256sum "$GREYLIST_DEST" || { echo -e "${RED}Failed to checksum greylist${NC}" >&2; exit 1; }
+ # Whitelist is optional
 if [[ -f "$WHITELIST_DEST" ]]; then
- sha256sum "$WHITELIST_DEST" || { echo -e "${RED}Failed to checksum whitelist${NC}"; exit 1; }
+ sha256sum "$WHITELIST_DEST" || { echo -e "${RED}Failed to checksum whitelist${NC}" >&2; exit 1; }
 fi
 } > "$INTEGRITY_FILE"
diff --git a/scripts/digital_wellbeing/pacman/pacman_wrapper.sh b/scripts/digital_wellbeing/pacman/pacman_wrapper.sh
index 69189e9..7d1118d 100755
--- a/scripts/digital_wellbeing/pacman/pacman_wrapper.sh
+++ b/scripts/digital_wellbeing/pacman/pacman_wrapper.sh
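Review bot: The `{ … } > "$INTEGRITY_FILE"` redirection truncates the integrity file before the first `sha256sum` runs, so any path that reaches `exit 1` inside the group leaves an empty or partial checksum file on disk. The new existence check narrows that window but does not close it (a file can disappear or become unreadable between the check and the hash), and whether the wrapper treats a short integrity file as a failure is not visible in this hunk. I would write to a temporary file in the same directory and rename it into place only on success: `tmp=$(mktemp "${INTEGRITY_FILE}.XXXXXX") || exit 1`, redirect the group to `"$tmp"`, then `mv -f -- "$tmp" "$INTEGRITY_FILE"` (mktemp creates the file mode 0600, so the final mode still has to be set explicitly if the wrapper reads it unprivileged). Separately, the two `echo -e "${RED}…"` lines in the missing-files branch still go to stdout while the `printf` between them goes to stderr; add `>&2` to both.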
@@ -791,6 +791,8 @@ enforce_vbox_hosts_if_needed() {
 # VirtualBox is installed but enforcement not applied - this is critical
 echo -e "${YELLOW}VirtualBox detected. Applying /etc/hosts enforcement to VMs...${NC}" >&2
+ # Note: The wrapper may be running as non-root user (via sudo pacman), but enforcement
+ # script needs root. We check EUID to avoid double sudo if already running as root.
 if [[ $EUID -ne 0 ]]; then
 if ! sudo bash "$vbox_enforce_script" enforce; then
 echo -e "${RED}CRITICAL: Failed to enforce hosts on VirtualBox VMs!${NC}" >&2
diff --git a/scripts/digital_wellbeing/virtualbox/enforce_vbox_hosts.sh b/scripts/digital_wellbeing/virtualbox/enforce_vbox_hosts.sh
index 6806871..972b517 100644
--- a/scripts/digital_wellbeing/virtualbox/enforce_vbox_hosts.sh
+++ b/scripts/digital_wellbeing/virtualbox/enforce_vbox_hosts.sh
@@ -13,9 +13,10 @@ BLUE='\033[0;34m'
 CYAN='\033[0;36m'
 NC='\033[0m' # No Color
-# Auto-sudo functionality
+# Auto-sudo functionality with confirmation
 if [ "$EUID" -ne 0 ]; then
- echo -e "${YELLOW}Executing with sudo...${NC}"
+ echo -e "${YELLOW}This script requires root privileges to configure VirtualBox VMs.${NC}"
+ echo -e "${CYAN}Executing with sudo...${NC}"
 exec sudo "$0" "$@"
 fi
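Review bot: The added comment reads as self-contradictory: a wrapper started through `sudo pacman` would already have EUID 0, so "running as non-root user (via sudo pacman)" seems to describe the case where the `if [[ $EUID -ne 0 ]]` branch is skipped rather than taken. Suggested wording: `# The wrapper can be invoked without sudo; the enforcement script needs root, so escalate only when EUID is non-zero.` Because this branch runs `sudo bash "$vbox_enforce_script"`, the comment is also the place to state that the script path must be root-owned and not writable by the invoking user; where `vbox_enforce_script` is assigned lies outside this hunk, so that is something to confirm rather than a finding. The body of `enforce_vbox_hosts_if_needed` starts and ends outside the hunk.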
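Review bot: The comment now says "with confirmation", but the block only prints two messages and then runs `exec sudo "$0" "$@"`; nothing asks the user to confirm. Any prompt comes from sudo itself, and with cached credentials or a NOPASSWD rule there is none. Either reword the comment, e.g. `# Auto-sudo: announce the escalation, then re-exec under sudo`, or add a real prompt before the `exec`. The two notices are status output, and since the caller in pacman_wrapper.sh sends its own messages to stderr, adding `>&2` here would keep them consistent.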