Kicksecure
diff --git a/‎usr/bin/dist-installer-cli‎
Lines changed: 112 additions & 69 deletions b/‎usr/bin/dist-installer-cli‎
Lines changed: 112 additions & 69 deletions
@@ -355,9 +355,14 @@ get_independent_host_pkgs() {
   ## Platform independent packages
   if has signify-openbsd; then
     ## fix Debian unconventional naming
-    signify() {
+    run_signify() {
       # shellcheck disable=SC2317
-      signify-openbsd "${@}"
+      ${user_switch_prefix}/usr/bin/signify-openbsd "${@}"
+    }
+  else
+    run_signify() {
+      # shellcheck disable=SC2317
+      ${user_switch_prefix}/usr/bin/signify "${@}"
     }
   fi
 
@@ -939,7 +944,7 @@ File '$file_name_item' exists but there is no associated VM registered in Virtua
 
 vm_delete_kicksecure() {
   if [ "${vm_or_vms_already_existing_test_result}" = "true" ]; then
-    log_run notice "${user_switch_prefix}vboxmanage" unregistervm "${guest_full_vm_name_kicksecure}" --delete
+    log_run notice ${user_switch_prefix}vboxmanage unregistervm "${guest_full_vm_name_kicksecure}" --delete
   else
     log notice "VM Deletion: Kicksecure VM does not exist, no need to delete, ok."
   fi
@@ -948,7 +953,7 @@ vm_delete_kicksecure() {
 
 vm_delete_gateway() {
   if [ "${gateway_exists}" = "1" ]; then
-    log_run notice "${user_switch_prefix}vboxmanage" unregistervm "${guest_full_vm_name_gateway}" --delete
+    log_run notice ${user_switch_prefix}vboxmanage unregistervm "${guest_full_vm_name_gateway}" --delete
   else
     log notice "VM Deletion: Gateway VM does not exist, no need to delete, ok."
   fi
@@ -957,7 +962,7 @@ vm_delete_gateway() {
 
 vm_delete_workstation() {
   if [ "${workstation_exists}" = "1" ]; then
-    log_run notice "${user_switch_prefix}vboxmanage" unregistervm "${guest_full_vm_name_workstation}" --delete
+    log_run notice ${user_switch_prefix}vboxmanage unregistervm "${guest_full_vm_name_workstation}" --delete
   else
     log notice "VM Deletion: Workstation VM does not exist, no need to delete, ok."
   fi
@@ -1879,7 +1884,7 @@ install_oracle_repository_fedora() {
       log info "Oracle Repository: Key /etc/pki/rpm-gpg/RPM-GPG-KEY-oracle already exists."
     else
       echo "${oracle_pgp}" | \
-        tee "${log_dir_cur}/oracle-virtualbox-2016.asc" >/dev/null
+        ${user_switch_prefix}tee "${log_dir_cur}/oracle-virtualbox-2016.asc" >/dev/null
       echo "${oracle_pgp}" | \
         root_cmd tee /etc/pki/rpm-gpg/RPM-GPG-KEY-oracle >/dev/null
       ## Optional: the key will be imported when trying to use the repository
@@ -1917,7 +1922,7 @@ install_oracle_repository_debian() {
       log info "Oracle Repository: Key /usr/share/keyrings/oracle.asc already exists."
     else
       echo "${oracle_pgp}" | \
-        tee "${log_dir_cur}/oracle-virtualbox-2016.asc" >/dev/null
+        ${user_switch_prefix}tee "${log_dir_cur}/oracle-virtualbox-2016.asc" >/dev/null
       echo "${oracle_pgp}" | \
         root_cmd tee /usr/share/keyrings/oracle-virtualbox-2016.asc >/dev/null
     fi
@@ -2446,7 +2451,7 @@ get_system_stat() {
     fi
   fi
 
-  df_output="$(df --output=avail -BG "${directory_prefix}")"
+  df_output="$(${user_switch_prefix}df --output=avail -BG "${directory_prefix}")"
   free_space_available="$(echo "$df_output" |
                 awk '/G$/{print substr($1, 1, length($1)-1)}')"
 
@@ -2721,28 +2726,52 @@ get_file() {
 
 
 test_file() {
-  local mode file
-  mode="${1}";
-  file="${2}";
+  local mode file real_file retcode
+  mode="${1}"
+  file="${2}"
+  ## realpath needs to be able to access the path it checks
+  real_file="$(sudo realpath "${file}")"
+  ## find needs to start execution in a directory it can access
+  pushd /
   if [ "${mode}" = '-f' ]; then
-    if [ -z "$("${user_switch_prefix}find" "${file}" -maxdepth 0 -follow -type f)" ];
-      then return 1
-      else return 0
+    if [ -z "$(${user_switch_prefix}find "${file}" -maxdepth 0 -follow -type f)" ]; then
+      popd
+      return 1
+    else
+      popd
+      return 0
     fi
   elif [ "${mode}" = '-d' ]; then
-    if [ -z "$("${user_switch_prefix}find" "${file}" -maxdepth 0 -follow -type d)" ];
-      then return 1
-      else return 0
+    if [ -z "$(${user_switch_prefix}find "${file}" -maxdepth 0 -follow -type d)" ];
+    then
+      popd
+      return 1
+    else
+      popd
+      return 0
     fi
   elif [ "${mode}" = '-w' ]; then
-    "${user_switch_prefix}test" -w "${file}"
+    ${user_switch_prefix}test -w "${file}"
+    retcode="$?"
+    popd
+    return "${retcode}"
   elif [ "${mode}" = '-r' ]; then
-    "${user_switch_prefix}test" -r "${file}"
+    ${user_switch_prefix}test -r "${file}"
+    retcode="$?"
+    popd
+    return "${retcode}"
   elif [ "${mode}" = '-e' ]; then
-    if [ -z "$("${user_switch_prefix}find" "${file}" -maxdepth 0)" ];
-      then return 1
-      else return 0
+    if [ -z "$(${user_switch_prefix}find "${file}" -maxdepth 0)" ];
+    then
+      popd
+      return 1
+    else
+      popd
+      return 0
     fi
+  else
+    popd
+    return 1
   fi
 }
 
@@ -3104,7 +3133,7 @@ should_download() {
   fi
   if [ "${dry_run}" = "1" ]; then
     log notice "Download: Creating download flag via '--dry-run' option."
-    log_run notice "${user_switch_prefix}touch" "${download_flag}"
+    log_run notice ${user_switch_prefix}touch "${download_flag}"
     return 0
   fi
 
@@ -3135,9 +3164,9 @@ check_signature() {
   log info "Signify key:\n${signify_key}"
   log info "Verifying file: '${signify_checksum_file}'"
   signify_pub_file="${log_dir_cur}/${signify_signer}.pub"
-  echo "${signify_key}" | tee "${signify_pub_file}" >/dev/null
+  echo "${signify_key}" | ${user_switch_prefix}tee "${signify_pub_file}" >/dev/null
 
-  log_run info "${user_switch_prefix}signify" -V -p "${signify_pub_file}" \
+  log_run info run_signify -V -p "${signify_pub_file}" \
     -m "${signify_checksum_file}" || return 1
 
   log info "Signify Signature Verification: 'success'"
@@ -3153,38 +3182,43 @@ check_hash() {
   log info "Checking SHA512 checksum: '${shafile}"
   ## $checkhash needs to be executed on the same folder as the compared file.
   log info "Changing to directory: '${dir}'"
-  cd "${dir}"
-  # shellcheck disable=SC2086
-  log_run info ${user_switch_prefix}${checkhash} "${shafile}" || return 1
+  if [ -n "${user_switch_prefix}" ]; then
+    ## user_switch_prefix="sudo -u user " (including space at end of string)
+    ${user_switch_prefix}-D "${dir}" ${checkhash} "${shafile}" || return 1
+  else
+    cd "${dir}"
+    # shellcheck disable=SC2086
+    log_run info ${user_switch_prefix}${checkhash} "${shafile}" || return 1
+  fi
   log info "SHA512 Hash Verification: 'success'"
 }
 
 
 check_signature_test() {
   log info "Unit testing signature, expecting non-zero exit code."
-  "${user_switch_prefix}rm" -f "${directory_prefix}/${guest_file}.${guest_file_ext}.sha512sums.test"
-  "${user_switch_prefix}cp" "${directory_prefix}/${guest_file}.${guest_file_ext}.sha512sums" "${directory_prefix}/${guest_file}.${guest_file_ext}.sha512sums.test"
-  echo "" | "${user_switch_prefix}tee" "${directory_prefix}/${guest_file}.${guest_file_ext}.sha512sums.test" >/dev/null
+  ${user_switch_prefix}rm -f "${directory_prefix}/${guest_file}.${guest_file_ext}.sha512sums.test"
+  ${user_switch_prefix}cp "${directory_prefix}/${guest_file}.${guest_file_ext}.sha512sums" "${directory_prefix}/${guest_file}.${guest_file_ext}.sha512sums.test"
+  echo "" | ${user_switch_prefix}tee "${directory_prefix}/${guest_file}.${guest_file_ext}.sha512sums.test" >/dev/null
   if ! check_signature "${directory_prefix}/${guest_file}.${guest_file_ext}.sha512sums.test" 2>/dev/null; then
-    "${user_switch_prefix}rm" -f "${directory_prefix}/${guest_file}.${guest_file_ext}.sha512sums.test"
+    ${user_switch_prefix}rm -f "${directory_prefix}/${guest_file}.${guest_file_ext}.sha512sums.test"
     log info "Received expected non-zero exit code from unit test."
   else
-    "${user_switch_prefix}rm" -f "${directory_prefix}/${guest_file}.${guest_file_ext}.sha512sums.test"
+    ${user_switch_prefix}rm -f "${directory_prefix}/${guest_file}.${guest_file_ext}.sha512sums.test"
     die 104 "${underline}SHA512 Hash Verification (unit test):${nounderline} 'FAIL' - received a zero as exit code, expected non-zero."
   fi
 }
 
 
 check_hash_test() {
   log info "Unit testing checksum, expecting non-zero exit code."
-  "${user_switch_prefix}rm" -f "${directory_prefix}/${guest_file}.${guest_file_ext}.sha512sums.test"
-  "${user_switch_prefix}cp" "${directory_prefix}/${guest_file}.${guest_file_ext}.sha512sums" "${directory_prefix}/${guest_file}.${guest_file_ext}.sha512sums.test"
-  echo "" | "${user_switch_prefix}tee" "${directory_prefix}/${guest_file}.${guest_file_ext}.sha512sums.test" >/dev/null
+  ${user_switch_prefix}rm -f "${directory_prefix}/${guest_file}.${guest_file_ext}.sha512sums.test"
+  ${user_switch_prefix}cp "${directory_prefix}/${guest_file}.${guest_file_ext}.sha512sums" "${directory_prefix}/${guest_file}.${guest_file_ext}.sha512sums.test"
+  echo "" | ${user_switch_prefix}tee "${directory_prefix}/${guest_file}.${guest_file_ext}.sha512sums.test" >/dev/null
   if ! check_hash "${directory_prefix}/${guest_file}.${guest_file_ext}.sha512sums.test" 2>/dev/null; then
-    "${user_switch_prefix}rm" -f "${directory_prefix}/${guest_file}.${guest_file_ext}.sha512sums.test"
+    ${user_switch_prefix}rm -f "${directory_prefix}/${guest_file}.${guest_file_ext}.sha512sums.test"
     log info "Received expected non-zero exit code from unit test."
   else
-    "${user_switch_prefix}rm" -f "${directory_prefix}/${guest_file}.${guest_file_ext}.sha512sums.test"
+    ${user_switch_prefix}rm -f "${directory_prefix}/${guest_file}.${guest_file_ext}.sha512sums.test"
     die 104 "${underline}SHA512 Hash Verification (unit test):${nounderline} 'FAIL' - received a zero as exit code, expected non-zero."
   fi
 }
@@ -3207,7 +3241,7 @@ check_integrity() {
   check_signature_test
   check_hash_test
 
-  log_run info "${user_switch_prefix}touch" "${download_flag}"
+  log_run info ${user_switch_prefix}touch "${download_flag}"
 
   log notice "Integrity Check Result: 'success'"
 }
@@ -3457,11 +3491,12 @@ set_default() {
 set_target_user_account() {
   local user
   user="${1:-}"
-  if ! getent passwd "${user}" >/dev/null; then
-    die 1 "Specified user '${user}' does not exist."
-  fi
   user_switch_prefix="sudo -u ${user} "
-  user_home_dir="$(getent passwd "${user}" | cut -d':' -f6)"
+  ## getent may fail if the user doesn't exist, however we ignore it for now.
+  ## The reason is because if this is run as a user account `sysmaint` on a
+  ## system with no user `user`, this will fail, but the user may have passed
+  ## their own --user and --directory-prefix flags which will fix it.
+  user_home_dir="$(getent passwd "${user}" | cut -d':' -f6)" || true
   vboxmanage_locale_english="${user_switch_prefix}${vboxmanage_locale_english}"
 }
 
@@ -3471,21 +3506,12 @@ adjust_default_for_sysmaint_maybe() {
     log info 'Sysmaint user present, checking current user name...'
 
     if [ "$(id -un)" = 'sysmaint' ]; then
-      log info "Running as sysmaint, adjusting behavior if needed."
-
-      if [ -z "${user_switch_prefix}" ]; then
-        if ! getent passwd user >/dev/null; then
-          die 1 "User 'user' does not exist, please set --user manually."
-        fi
-        set_target_user_account 'user'
-      fi
+      log info "Running as sysmaint, adjusting behavior."
 
-      if [ "${directory_prefix}" = "${HOME}/dist-installer-cli-download" ]; then
-        if [ ! -d "${user_home_dir}" ]; then
-          die 1 "${user_home_dir} does not exist, something is seriously wrong."
-        fi
-        directory_prefix="${user_home_dir}/dist-installer-cli-download"
-      fi
+      set_target_user_account 'user'
+      directory_prefix="${user_home_dir}/dist-installer-cli-download"
+    else
+      log info 'Not running as sysmaint user, ok.'
     fi
   else
     log info 'Sysmaint user not present, ok.'
@@ -3553,6 +3579,23 @@ parse_name() {
 }
 
 
+copy_thru_barrier() {
+  local source dest source_basename dest_realpath dest_file
+
+  source="${1}"
+  dest="${2}"
+  source_basename="$(basename "${source}")"
+  dest_realpath="$(sudo realpath "${dest}")"
+  if test_file -d "${dest_realpath}"; then
+    dest_file="${dest_realpath}/${source_basename}"
+  else
+    dest_file="${dest_realpath}"
+  fi
+
+  ${user_switch_prefix}tee "${dest_file}" > /dev/null < "${source}"
+}
+
+
 ## Parse command-line options.
 parse_opt() {
   local directory_prefix_parent last_run_integer cur_run_integer log_dir_main
@@ -3715,7 +3758,7 @@ parse_opt() {
     ## is set to '~/', the parent '/home' is not writable.
 
     log info "Creating directory: '${directory_prefix}'"
-    mkdir -p "${directory_prefix}" ||
+    ${user_switch_prefix}mkdir -p "${directory_prefix}" ||
       die 1 "Failed to created directory: '${directory_prefix}'"
     test_file -w "${directory_prefix}" ||
       die 1 "Directory isn't writable: '${directory_prefix}'"
@@ -3738,9 +3781,9 @@ parse_opt() {
 
     ## If the commands below fail, it should have failed earlier for the
     ## parent directory permissions, not below.
-    "${user_switch_prefix}mkdir" -p "${log_dir_cur}"
-    "${user_switch_prefix}cp" "${0}" "${log_dir_cur}"
-    "${user_switch_prefix}touch" "${log_file_user}"
+    ${user_switch_prefix}mkdir -p "${log_dir_cur}"
+    copy_thru_barrier "${0}" "${log_dir_cur}";
+    ${user_switch_prefix}touch "${log_file_user}"
   fi
 
   # shellcheck disable=SC2194
@@ -3785,15 +3828,15 @@ log_term_and_file() {
     return 0
   fi
 
-  touch "${log_file_user}"
-  touch "${log_file_debug}"
+  ${user_switch_prefix}touch "${log_file_user}"
+  ${user_switch_prefix}touch "${log_file_debug}"
   ## By appending '&' at the end, log_file_user would remain empty.
-  true "exec > >(tee -a \"${log_file_user}\") 2> >(tee -a \"${log_file_debug}\" >&2)"
-  exec > >(tee -a "${log_file_user}") 2> >(tee -a "${log_file_debug}" >&2)
+  true "exec > >(${user_switch_prefix}tee -a \"${log_file_user}\") 2> >(${user_switch_prefix}tee -a \"${log_file_debug}\" >&2)"
+  exec > >(${user_switch_prefix}tee -a "${log_file_user}") 2> >(${user_switch_prefix}tee -a "${log_file_debug}" >&2)
   ## Bash has built-in feature to redirect xtrace to the specified file.
   # shellcheck disable=SC2039
-  true "exec 9>>${log_file_debug}"
-  exec 9>>"${log_file_debug}"
+  true "exec 9> >(${user_switch_prefix}tee -a \"${log_file_debug}\")"
+  exec 9> >(${user_switch_prefix}tee -a "${log_file_debug}")
   export BASH_XTRACEFD=9
   set -o xtrace
   xtrace=1
@@ -3816,11 +3859,11 @@ run_installer() {
   set_trap
   ## Parse script name for wanted values.
   parse_name
-  ## Parse command-line options.
-  parse_opt "${@}"
   ## If sysmaint is in use and the user hasn't configured their own directory
   ## prefix and target user, default to target account 'user'.
   adjust_default_for_sysmaint_maybe
+  ## Parse command-line options.
+  parse_opt "${@}"
   ## Logging mechanism.
   log_term_and_file