From 91609b534fe19e13587c68fa8c5123b8baad7d91 Mon Sep 17 00:00:00 2001
From: Dylan Araps
Date: Mon, 18 May 2020 10:59:34 +0300
Subject: [PATCH] opendoas: Update config file
---
 extra/opendoas/checksums | 2 +-
 extra/opendoas/files/doas.conf | 28 ++++++++++++++++++----------
 2 files changed, 19 insertions(+), 11 deletions(-)
diff --git a/extra/opendoas/checksums b/extra/opendoas/checksums
index 39b3d9d4..2bba9340 100644
--- a/extra/opendoas/checksums
+++ b/extra/opendoas/checksums
@@ -1,2 +1,2 @@
 baf5a2c73116781519cf03b5b9147eee8db69e8b052eaa81caf093107226b4fe v6.6.1.tar.gz
-677b59e402a1b4dbdd119d5a8bc4c6c27315419feaefc9e06f7b3f43b0b9dd39 doas.conf
+846a251c646e61329086eda6abde26329f5a358d5eeab1a0f075db36e5997687 doas.conf
diff --git a/extra/opendoas/files/doas.conf b/extra/opendoas/files/doas.conf
index 8a6645bf..687322c1 100644
--- a/extra/opendoas/files/doas.conf
+++ b/extra/opendoas/files/doas.conf
@@ -2,21 +2,29 @@
 # Priority increases with linenumber.
 # See doas.conf(5) for details.
-#permit :wheel
-#permit nopass root
+# permit persist :wheel
+# permit nopass root
-# KEEP THIS AT THE BOTTOM.
+# This config file isn't very powerful at all compared to
+# the likes of sudo's. It's very difficult to tell it that
+# we want to permit running the package manager and package
+# manager alone (hence the 'git'/'env' listings).
+#
+# Further, the 'persist' feature is too strict and will beg
+# you for a password every time 'doas' is run from a script`.
+# Despite sudo's complexity, I recommened it over doas for
+# better control.
+#
+# I'm working on a better overall solution.
 # Allow wheel to run kiss with password required.
-# NOTE: The setenv { ... } is required for the package manager.
-# permit keepenv setenv { HOME KISS_PATH KISS_FORCE } :wheel cmd kiss
-# permit :wheel cmd git args fetch
-# permit :wheel cmd git args diff
-# permit :wheel cmd git args merge
+# permit persist :wheel cmd env
+# permit persist :wheel cmd git args fetch
+# permit persist :wheel cmd git args diff
+# permit persist :wheel cmd git args merge
 # Allow wheel to run kiss without a password.
-# NOTE: The setenv { ... } is required for the package manager.
-# permit nopass keepenv setenv { HOME KISS_PATH KISS_FORCE } :wheel cmd kiss
+# permit nopass :wheel cmd env
 # permit nopass :wheel cmd git args fetch
 # permit nopass :wheel cmd git args diff
 # permit nopass :wheel cmd git args merge
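Review bot: The new example rule `permit nopass :wheel cmd env` (and its `persist` twin in the block above it) carries no `args` restriction, and `env` runs whatever command it is handed, so enabling either line gives every wheel member unrestricted root (with no password in the nopass case) rather than the "package manager alone" scope the added comment describes. The explanatory comment should say this outright, e.g. `# WARNING: 'cmd env' is equivalent to permitting every command; enable only if :wheel is fully trusted.` The removed rule scoped the grant to `cmd kiss` with a fixed `setenv` list; if that scoping cannot be kept, consider dropping the nopass `env` example so it is not enabled by uncommenting a "kiss only" section. Separately, the added comment has two typos: "recommened" and a stray backtick after "script".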