aboutsummaryrefslogtreecommitdiff
path: root/todo.org
diff options
context:
space:
mode:
authorCraig Jennings <c@cjennings.net>2026-07-01 13:03:02 -0400
committerCraig Jennings <c@cjennings.net>2026-07-01 13:03:02 -0400
commita8bd962b4fb806e6769d9e4e5e3cfc730e887a7f (patch)
treeade110707a7d74eee47d2eda2112eddac0ae76da /todo.org
parent926d58ce21533c841dc7863c4e9e6bcf2368085c (diff)
downloadarchsetup-a8bd962b4fb806e6769d9e4e5e3cfc730e887a7f.tar.gz
archsetup-a8bd962b4fb806e6769d9e4e5e3cfc730e887a7f.zip
docs(todo): mark net-priv helper (V2.1) landed
Diffstat (limited to 'todo.org')
-rw-r--r--todo.org22
1 files changed, 13 insertions, 9 deletions
diff --git a/todo.org b/todo.org
index a37f02a..7d88ebd 100644
--- a/todo.org
+++ b/todo.org
@@ -200,15 +200,19 @@ contract for what diagnose must detect and what the panel must say.
- Missing speedtest backend — Detect: speedtest-go absent. Report: "Install speedtest-go to run a speed test."
- Privileged op fails (helper missing / sudo declined) — Detect: helper exits non-zero or absent. Report: "Couldn't get admin rights for this repair — <install/fix the helper>."
-*** TODO Sudo helper + NOPASSWD sudoers (gates everything; archsetup-installed)
-Root-owned =/usr/local/bin/net-priv= (or similar), NOT stowed/user-writable, dispatching net's
-fixed privileged verbs; narrow NOPASSWD sudoers scoped to that helper only. =repair.py= calls
-=sudo net-priv <verb>=. Must also fix the latent bug it unblocks: the detached
-=portal_restore_watch= runs with no tty and can't prompt, so today =_restore_dot= silently fails
-when sudo creds aren't cached, leaving DNS unencrypted until a manual =net portal --restore=.
-Separately reconcile where velox's DoT actually lives (currently -DNSOverTLS, no drop-in, so the
-"drop DoT" step is a no-op there; =NET_DOT_CONF= overrides the path) — decide whether velox should
-run DoT at all.
+*** 2026-07-01 Wed @ 13:02 -0400 net-priv helper landed (V2.1)
+Craig's call: stowed (not root-owned), low security on locked-down single-user machines.
+Shipped =net.priv= module + stowed =net-priv= bin (dotfiles =00aac1e=): a fixed 12-verb set
+(rfkill/radio/mac-random/conn-up/net-off/net-on/restart-nm/dns-set/dns-revert/restart-resolved/
+dot-disable/dot-enable) with per-arg validation (uuid/iface/ipv4/resolved.conf.d-path, injection
+rejected). =repair.py= now routes every privileged op through =priv.run(verb)= in-process instead
+of scattered inline sudo — which also fixes the detached DoT-restore watcher (runs privileged ops
+with no tty) and closes the gap where rfkill repair ran unprivileged. 244 net + 33 dotfiles suites
+green. NO new sudoers needed: archsetup already grants =%<user> ALL=(ALL) NOPASSWD: ALL=
+(archsetup:1089), so every build's primary user already runs net-priv's commands passwordless;
+"replicate in archsetup" is already satisfied. net-priv rides =make stow hyprland=; hand-linked on
+velox. The velox DoT-path reconcile (whether velox should run DoT at all) stays open — folded into
+the deeper reconcile, low priority since the guard makes it a no-op.
*** TODO Merged Diagnostics panel + nav restructure (Connections | Diagnostics | Performance)
**** 2026-06-30 Tue @ 17:36 -0400 Dispositioned the 4th-review findings into the spec
Codex's 9 fourth-review findings (8 accept, 1 modify) are folded into the spec's