Package example script to run wayland software as root?
When looking for a way to run wayland software as root (yes, I know, running graphical applications as root is discouraged, but tools like gparted exist, which basically require that), I stumbled over multiple "how-tos" which suggest using waypipe to achieve this. Unfortunately, many suggested solutions (for example https://unix.stackexchange.com/a/718268/498490) are wrapped in shell scripts which don't follow best security practices and may open up the user to some attacks.
Therefore I suggest packaging a "sample" script with waypipe which does exactly that in a secure way. My suggestion would be (based slightly on the StackExchange answer linked above:
#!/bin/bash
# unofficial bash "strict" mode
set -euo pipefail
IFS=$'\n\t'
SOCKDIR="$(mktemp --tmpdir -d waysudo.XXXXXXXXXX || exit 1)"
trap 'rm -rf "$SOCKDIR"; exit' ERR EXIT
waypipe --socket "$SOCKDIR/socket" client &
# try different sudo variants
for sudo in sudo-rs doas sudo
do
if which "$sudo" >/dev/null
then
break
fi
done
"$sudo" sh -c "XDG_RUNTIME_DIR=\$HOME/.cache/waysudo/ ; mkdir -m 700 -p \$XDG_RUNTIME_DIR ; export XDG_RUNTIME_DIR ; waypipe --socket '$SOCKDIR/socket' server -- $(printf "%q " "$@")"
kill %1
Feel free to just close this issue if you don't want to support such a thing ;)