From 8ae087b79948cdb69ad8dbb6333465eac9ed0a72 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Dubois?=
Date: Thu, 9 Feb 2023 16:07:14 +0100
Subject: [PATCH] OpenBSD - Replaced check_sudomaint with check_doasmaint and removed check_wheel
---
 openbsd/CHANGELOG | 8 ++++++++
 openbsd/evocheck.sh | 15 +++------------
 2 files changed, 11 insertions(+), 12 deletions(-)
diff --git a/openbsd/CHANGELOG b/openbsd/CHANGELOG
index 989dfad..f654a69 100644
--- a/openbsd/CHANGELOG
+++ b/openbsd/CHANGELOG
@@ -7,11 +7,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+### Changed
+
+- Replaced check_sudomaint with check_doasmaint because evomaintenance is used with doas, not with sudo
+
 ### Fixed
 - check_history: escape $HOME variable
 - check_pkgmirror: fix openbsd mirror
+### Removed
+
+- check_wheel: wheel group mustn't be sudo because we use the evolinux-sudo group
+
 ## [22.11] - 2022-11-28
 ### Changed
diff --git a/openbsd/evocheck.sh b/openbsd/evocheck.sh
index 8fe7558..37fab0b 100755
--- a/openbsd/evocheck.sh
+++ b/openbsd/evocheck.sh
@@ -188,11 +188,6 @@ check_pfenabled(){
 failed "IS_PFENABLED" "PF is disabled! Make sure pf=NO is absent from /etc/rc.conf.local and carefully run pfctl -e"
 fi
 }
-check_wheel(){
- if [ -f /etc/sudoers ]; then
- grep -qE "^%wheel.*$" /etc/sudoers || failed "IS_WHEEL" ""
- fi
-}
 check_pkgmirror(){
 grep -qE "^https?://ftp\.evolix\.org/openbsd" /etc/installurl || failed "IS_PKGMIRROR" "Check whether the right repo is present in the /etc/installurl file"
 }
@@ -212,12 +207,9 @@ check_ttyc0secure(){
 check_customsyslog(){
 grep -q EvoBSD /etc/newsyslog.conf || failed "IS_CUSTOMSYSLOG" ""
 }
-check_sudomaint(){
- file=/etc/sudoers
+check_doasmaint(){
 # shellcheck disable=SC2015
- grep -q "Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh" $file \
- && grep -q "%wheel ALL=NOPASSWD: MAINT" $file \
- || failed "IS_SUDOMAINT" ""
+ grep -q "permit setenv {ENV PS1 SSH_AUTH_SOCK SSH_TTY} nopass :evolinux-ssh as root cmd /usr/share/scripts/evomaintenance.sh" /etc/doas.conf || failed "IS_DOASMAINT" "Make sure evomaintenance.sh permission are properly configured in /etc/doas.conf"
 }
 check_nrpe(){
 if ! is_installed monitoring-plugins || ! is_installed nrpe; then
@@ -540,13 +532,12 @@ main() {
 test "${IS_CARPPREEMPT:=1}" = 1 && check_carppreempt
 test "${IS_REBOOTMAIL:=1}" = 1 && check_rebootmail
 test "${IS_PFENABLED:=1}" = 1 && check_pfenabled
- test "${IS_WHEEL:=1}" = 1 && check_wheel
 test "${IS_PKGMIRROR:=1}" = 1 && check_pkgmirror
 test "${IS_HISTORY:=1}" = 1 && check_history
 test "${IS_VIM:=1}" = 1 && check_vim
 test "${IS_TTYC0SECURE:=1}" = 1 && check_ttyc0secure
 test "${IS_CUSTOMSYSLOG:=1}" = 1 && check_customsyslog
- test "${IS_SUDOMAINT:=1}" = 1 && check_sudomaint
+ test "${IS_DOASMAINT:=1}" = 1 && check_doasmaint
 test "${IS_NRPE:=1}" = 1 && check_nrpe
 test "${IS_RSYNC:=1}" = 1 && check_rsync
 test "${IS_CRONPATH:=1}" = 1 && check_cronpath
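Review bot: The new `grep -q` in check_doasmaint treats the rule as an unanchored basic regular expression, so a commented-out copy (`# permit setenv ...`) or a longer line that merely contains this text passes the check, and the `.` in `evomaintenance.sh` matches any character. Because this check is what vouches for a `nopass ... as root` rule, comparing the whole line as a fixed string is safer: `grep -qxF "permit setenv {ENV PS1 SSH_AUTH_SOCK SSH_TTY} nopass :evolinux-ssh as root cmd /usr/share/scripts/evomaintenance.sh" /etc/doas.conf || failed ...` (at the cost of rejecting lines with extra whitespace). The `# shellcheck disable=SC2015` directive kept above it looks stale now that the `&& ... ||` chain is gone. In the failure message, `permission are` should read `permissions are`.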