no sudo prompt, cleaner output

03-install.sh

@@ -1,4 +1,6 @@
 #!/bin/sh
+# TODO:
+# - Check all variables to avoid root execution on unspecified places
 
 debian_install_certs() {
 # Source: https://fran.cr/instalar-firma-digital-costa-rica-gnu-linux-ubuntu-debian/
@@ -7,7 +9,7 @@ printf '\033[1mExtraer fichero...\033[0m\n' # DEBUG
 (cd "$SAVE_DIR" && unzip -u "$SAVE_FILE" > /dev/null)
 for cert in "$(find "$SAVE_DIR" -name "Certificados")"/* ; do
     certname="${cert##*/}"
-    printf '%s' "$SUDO_PASSWORD" | sudo -Sk cp "$cert" /usr/local/share/ca-certificates/"${certname%.cer}.crt"
+    printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' cp "$cert" /usr/local/share/ca-certificates/"${certname%.cer}.crt"
 done
 
 # Extraer módulo privativo
@@ -16,11 +18,11 @@ PACKAGE="$(find "$SAVE_DIR" -name "idprotectclient[-_]*.deb")"
 PACKAGE_DIR="${PACKAGE%/*}"
 PACKAGE="${PACKAGE##*/}"
 (cd "$PACKAGE_DIR" && ar p "$PACKAGE" data.tar.gz | tar zx ./usr/lib/x64-athena/libASEP11.so)
-printf '%s' "$SUDO_PASSWORD" | sudo -Sk cp -p "$PACKAGE_DIR"/usr/lib/x64-athena/libASEP11.so /usr/lib/x86_64-linux-gnu/
+printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' cp -p "$PACKAGE_DIR"/usr/lib/x64-athena/libASEP11.so /usr/lib/x86_64-linux-gnu/
 
 # Instalar componentes
 printf '\033[1mPaquetería, certificados y módulos...\033[0m\n' # DEBUG
-printf '%s' "$SUDO_PASSWORD" | sudo -Sk sh -c '
+printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' sh -c '
 # --- Prerequisitos ---
 apt install -y p11-kit pcscd binutils bubblewrap icedtea-netx > /dev/null
 systemctl enable --now pcscd.socket > /dev/null
@@ -42,7 +44,7 @@ ln -sf /usr/local/share/ca-certificates /Firma_Digital/CERTIFICADOS
 # Archivos de configuración
 
 printf '\033[1mConfigurando IDPClientDB...\033[0m\n' # DEBUG
-printf '%s' "$SUDO_PASSWORD" | sudo -Sk sh -c "
+printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' sh -c "
 mkdir -p /etc/Athena
 echo \"<?xml version=\"1.0\" encoding=\"utf-8\" ?>
 <IDProtect>
@@ -68,13 +70,13 @@ echo \"<?xml version=\"1.0\" encoding=\"utf-8\" ?>
 "
 
 printf '\033[1mConfigurando p11-kit/modules...\033[0m\n' # DEBUG
-printf '%s' "$SUDO_PASSWORD" | sudo -Sk sh -c "
+printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' sh -c "
 mkdir -p /usr/share/p11-kit/modules
 echo 'remote: |bwrap --unshare-all --dir /tmp --ro-bind /etc/Athena /etc/Athena --proc /proc --dev /dev --ro-bind /usr /usr --ro-bind /lib /lib --ro-bind /lib64 /lib64 --ro-bind /var/run/pcscd /var/run/pcscd --ro-bind /run/pcscd /run/pcscd p11-kit remote /usr/lib/x86_64-linux-gnu/libASEP11.so' > /usr/share/p11-kit/modules/firma-digital.module
 "
 
 printf '\033[1mConfigurando p11-kit update symlinks...\033[0m\n' # DEBUG
-printf '%s' "$SUDO_PASSWORD" | sudo -Sk sh -c "
+printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' sh -c "
 mkdir -p /usr/local/sbin
 echo \"#!/bin/sh
 
@@ -126,7 +128,7 @@ chmod +x /usr/local/sbin/update-p11-kit-symlinks
 "
 
 printf '\033[1mConfigurando módulo mantenimiento systemd...\033[0m\n' # DEBUG
-printf '%s' "$SUDO_PASSWORD" | sudo -Sk sh -c "
+printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' sh -c "
 mkdir -p /etc/systemd/system
 echo \"[Unit]
 Description=mantenimiento de enlaces a p11-kit-proxy
@@ -142,7 +144,7 @@ systemctl enable --now p11-kit-proxy-updater.service > /dev/null
 "
 
 printf '\033[1mInstalando trust module pk11...\033[0m\n' # DEBUG
-printf '%s' "$SUDO_PASSWORD" | sudo -Sk sh -c "
+printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' sh -c "
 mkdir -p /etc/pkcs11/modules
 echo 'disable-in:' > /etc/pkcs11/modules/p11-kit-trust.module
 "
@@ -153,8 +155,8 @@ fedora_install_certs() {
 # Extraer fichero descargado
 printf '\033[1mExtraer fichero...\033[0m\n' # DEBUG
 (cd "$SAVE_DIR" && unzip -u "$SAVE_FILE" > /dev/null)
-printf '%s' "$SUDO_PASSWORD" | sudo -Sk cp -p "$(find "$SAVE_DIR" -name "Certificados")"/* /usr/share/pki/ca-trust-source/anchors/
+printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' cp -p "$(find "$SAVE_DIR" -name "Certificados")"/* /usr/share/pki/ca-trust-source/anchors/
-printf '%s' "$SUDO_PASSWORD" | sudo -Sk update-ca-trust
+printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' update-ca-trust
 
 # Extraer módulo privativo
 printf '\033[1mExtraer módulo privativo...\033[0m\n' # DEBUG
@@ -162,8 +164,8 @@ PACKAGE="$(find "$SAVE_DIR" -name "idprotectclient[-_]*.rpm")"
 PACKAGE_DIR="${PACKAGE%/*}"
 PACKAGE="${PACKAGE##*/}"
 (cd "$PACKAGE_DIR" && rpm2cpio "$PACKAGE" | cpio -dim ./usr/lib/x64-athena/libASEP11.so)
-printf '%s' "$SUDO_PASSWORD" | sudo -Sk cp -p "$PACKAGE_DIR"/usr/lib/x64-athena/libASEP11.so /usr/lib64/
+printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' cp -p "$PACKAGE_DIR"/usr/lib/x64-athena/libASEP11.so /usr/lib64/
-printf '%s' "$SUDO_PASSWORD" | sudo -Sk sh -c '
+printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' sh -c '
 mkdir -p /usr/lib/x64-athena/
 mkdir -p /Firma_Digital/LIBRERIAS/
 ln -s /usr/lib64/libASEP11.so /usr/lib/x64-athena/
@@ -176,7 +178,7 @@ ln -s /usr/share/pki/ca-trust-source/anchors /Firma_Digital/CERTIFICADOS
 # Archivos de configuración
 
 printf '\033[1mConfigurando IDPClientDB...\033[0m\n' # DEBUG
-printf '%s' "$SUDO_PASSWORD" | sudo -Sk sh -c "
+printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' sh -c "
 mkdir -p /etc/Athena
 echo \"<?xml version=\"1.0\" encoding=\"utf-8\" ?>
 <IDProtect>
@@ -202,7 +204,7 @@ echo \"<?xml version=\"1.0\" encoding=\"utf-8\" ?>
 "
 
 printf '\033[1mConfigurando p11-kit/modules...\033[0m\n' # DEBUG
-printf '%s' "$SUDO_PASSWORD" | sudo -Sk sh -c "
+printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' sh -c "
 mkdir -p /usr/share/p11-kit/modules
 echo 'remote: |bwrap --unshare-all --dir /tmp --proc /proc --dev /dev --ro-bind /etc/Athena /etc/Athena --ro-bind /usr /usr --ro-bind /var/run/pcscd /var/run/pcscd --ro-bind /run/pcscd /run/pcscd --symlink /usr/lib64 /lib64 p11-kit remote /usr/lib64/libASEP11.so' > /usr/share/p11-kit/modules/firma-digital.module
 "

04-main.sh

@@ -9,27 +9,29 @@ set_lang
 set_version
 
 if command -v zenity > /dev/null ; then
+    echo "DEBUG: Start zenity" # DEBUG
     MENU="zenity"
     zenity --title "$TITLE" --text "$PROMPT_WELCOME" --info
     ! command -v curl > /dev/null && zenity --title "$TITLE" --text "$PROMPT_ERR_DEPS curl" --error && exit 1
 
-    # Serial number is required for download
+    echo "DEBUG: Serial number is required for download" # DEBUG
     SERIAL="$(zenity --title "$TITLE" --text "$PROMPT_SERIAL" --entry)"
     [ -z "$SERIAL" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_SERIAL" --error && exit 1
 
-    # Generate tempkey & Define DOWNLOAD_URL
+    
+    echo "DEBUG: Generate tempkey & Define DOWNLOAD_URL" # DEBUG
     ARCHIVE="$(get_archive)"
     TEMPKEY="${ARCHIVE##* }"
     FILE="${ARCHIVE%% *}"
     DOWNLOAD_URL="$(printf 'https://soportefirmadigital.com/sfdj/getiso.aspx?tempkey=%s' "$TEMPKEY")"
     [ -z "$DOWNLOAD_URL" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DOWNLOAD" --error && exit 1
-    [ -z "$ARCHIVE" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DOWNLOAD" --error && exit 1
+    [ -z "$FILE" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DOWNLOAD" --error && exit 1
     SAVE_DIR="/tmp/soportefirmadigital"
     SAVE_FILE="$SAVE_DIR/$FILE"
     mkdir -p "$SAVE_DIR"
     SIZE="$(curl -sI "$DOWNLOAD_URL" | sed '/[Cc]ontent-[Ll]ength/!d;s/^.*: //g' | awk '{$1/=1024;printf "%d",$1}')"
 
-    # Download file & show progress
+    echo "DEBUG: Download file & show progress" # DEBUG
     (curl -sL "$DOWNLOAD_URL" -o "$SAVE_FILE") &
     while true ; do
         sleep 0.5
@@ -45,11 +47,19 @@ if command -v zenity > /dev/null ; then
     ACTIVE="$(ps aux | grep 'curl.*soportefirmadigital' | sed '/grep/d')"
     [ -n "$ACTIVE" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DOWNLOAD" --error && exit 1
 
-    # Install dependencies, components and certificates according to OS
+    echo "DEBUG: Ask & check sudo password" # DEBUG
     SUDO_PASSWORD="$(zenity --title "$TITLE" --password)"
     [ -z "$SUDO_PASSWORD" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DEPS_INSTALL" --error && exit 1
-    install_certs | zenity --title "$TITLE" --text "$PROMPT_DEPS_INSTALL" --progress --pulsate --auto-close
+    CORRECT_SUDO_PASSWORD="$(printf '%s' "$SUDO_PASSWORD" | sudo -Skp '' whoami >/dev/null 2>&1 || printf 'no')"
-    # zenity --title "$TITLE" --text "$PROMPT_ERR_DEPS_INSTALL" --error && exit 1
+    [ "$CORRECT_SUDO_PASSWORD" = "no" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DEPS_INSTALL" --error && exit 1
+
+    # Attempt to install, forward output to zenity
+    # but keep exit code of install function
+    echo "DEBUG: Install dependencies, components and certificates according to OS" # DEBUG
+    ( ( ( (install_certs; echo $? >&3) |
+        zenity --title "$TITLE" --text "$PROMPT_DEPS_INSTALL" --progress --pulsate --auto-close >&4) 3>&1 ) |
+        (read -r xs; exit "$xs") ) 4>&1
+    [ "$?" != "0" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DEPS_INSTALL" --error && exit 1
 
     zenity --title "$TITLE" --text "$PROMPT_END_SUCCESS" --info
 
@@ -62,9 +72,13 @@ else
     term_prompt "$TITLE" "$PROMPT_SERIAL" entry && read -r SERIAL
     [ -z "$SERIAL" ] && term_prompt "$TITLE" "$PROMPT_ERR_SERIAL" error && exit 1
 
-    # Generate tempkey & Define DOWNLOAD_URL
+    echo "DEBUG: Generate tempkey & Define DOWNLOAD_URL" # DEBUG
-    DOWNLOAD_URL="$(get_certs_url)"
+    ARCHIVE="$(get_archive)"
+    TEMPKEY="${ARCHIVE##* }"
+    FILE="${ARCHIVE%% *}"
+    DOWNLOAD_URL="$(printf 'https://soportefirmadigital.com/sfdj/getiso.aspx?tempkey=%s' "$TEMPKEY")"
     [ -z "$DOWNLOAD_URL" ] && term_prompt "$TITLE" "$PROMPT_ERR_DOWNLOAD" error && exit 1
+    [ -z "$FILE" ]         && term_prompt "$TITLE" "$PROMPT_ERR_DOWNLOAD" error && exit 1
     SAVE_DIR="/tmp/soportefirmadigital"
     SAVE_FILE="$SAVE_DIR/$FILE"
     mkdir -p "$SAVE_DIR"