librelad 7acfdabbac refactor(de-sudo): backup subsystem data ops via runFileOp/runFileWrite
The backup engine already drops to the backup user (sudo -E -u
$docker_install_user) and backupLocationOwner == $docker_install_user, which is
exactly what runFileOp/runFileWrite resolve to in both modes. So convert the
raw-sudo data ops (mkdir/chmod/rm/find/cat/grep/mv/chown/tee on backup repos,
location configs, keys, manifests) to runFileOp/runFileWrite — creating files
as the owner directly, no root chown. backup_verify creates its scratch as the
backup user (runFileOp mktemp) instead of chown-after. Binary installs
(kopia tar/install, borg dnf) -> runSystem. The 44 sudo -u engine drops stay
(already least-privilege; the scoped sudoers will grant them).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-24 17:01:05 +01:00

25 lines
793 B
Bash

#!/bin/bash
borgInstall()
{
if command -v borg >/dev/null 2>&1; then
local v
v=$(borg --version 2>/dev/null | head -1)
isNotice "BorgBackup already installed ($v)"
return 0
fi
isHeader "Installing BorgBackup"
if command -v apt-get >/dev/null 2>&1; then
runSystem apt-get install -y borgbackup && return 0
elif command -v dnf >/dev/null 2>&1; then
runSystem dnf install -y borgbackup && return 0
elif command -v pacman >/dev/null 2>&1; then
runSystem pacman -S --noconfirm borg && return 0
fi
isError "Could not install BorgBackup — no supported package manager found."
isNotice "Install manually (https://borgbackup.readthedocs.io/) and re-run 'libreportal backup location init'."
return 1
}