From: NoisyCoil <noisycoil@debian.org>
Date: Tue, 5 Aug 2025 13:12:47 +0200
Subject: Do not depend on the sudo crate
The sudo crate is unmaintained and internally responsible for privilege
escalation, which is not great. Tell the user to manually run the binary
as root instead. When executed as a desktop application, the program is
covered by polkit anyway.
---
Cargo.toml | 2 +-
src/main.rs | 5 +++++
src/startup_disk.rs | 5 +++++
src/startup_disk/asahi.rs | 4 ++--
src/window.rs | 8 ++++----
5 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index f4d3c70..03c7692 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -16,8 +16,8 @@ adw = { version = "0.7.1", package = "libadwaita", features = ["v1_6"] }
asahi-bless = "0.4.2"
gtk = { version = "0.9.5", package = "gtk4", features = ["gnome_47"] }
rand = "0.9"
-sudo = "0.6"
uuid = "1.11"
+uzers = "0.12"
[build-dependencies]
glib-build-tools = "0.18.0"
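Review bot: The new `uzers = "0.12"` line trades one third-party crate for another, and the rest of the patch uses it only for `uzers::get_effective_uid()`. Please say in the commit message why a whole user/group crate is preferred for a single euid lookup, or use a narrower primitive, so the dependency surface that motivated dropping `sudo` does not grow back.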
diff --git a/src/main.rs b/src/main.rs
index 9dc02c4..57e8f41 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -12,6 +12,11 @@ use gtk::{gio, glib};
use application::StartupDiskApplication;
fn main() -> glib::ExitCode {
+ // Only run as root
+ if uzers::get_effective_uid() != 0 {
+ startup_disk::exit_as_root();
+ }
+
// Register and include resources
gio::resources_register_include!("startup-disk.gresource")
.expect("Failed to register resources.");
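Review bot: The euid check at the top of `main()` makes the three `needs_escalation(...)` branches in src/window.rs unreachable, because a non-root process now exits before any window code runs. Either keep this single early check and drop those branches, or drop this one and handle the failure where the privileged call is made. Note also that the check runs before the GTK application exists, so a non-root launch from a desktop menu fails with only the stderr line from `exit_as_root()`. The commit message relies on polkit for that case, so it is worth stating how the desktop launcher invokes the binary.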
diff --git a/src/startup_disk.rs b/src/startup_disk.rs
index ea423eb..edfbec7 100644
--- a/src/startup_disk.rs
+++ b/src/startup_disk.rs
@@ -87,3 +87,8 @@ pub fn startup_disk_library() -> &'static dyn StartupDiskTrait {
startup_disk_library
}
+
+pub fn exit_as_root() {
+ eprintln!("Error: this program must be run as root");
+ std::process::exit(1);
+}
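Review bot: `exit_as_root` is called when the process is not root, so the name reads backwards, and the signature `pub fn exit_as_root()` hides that it never returns. Suggest a name such as `exit_not_root`, a return type of `-> !` so callers and the compiler know control flow stops there, and a one-line doc comment, since this is a new `pub` function.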
diff --git a/src/startup_disk/asahi.rs b/src/startup_disk/asahi.rs
index 7f899c1..2dc2fac 100644
--- a/src/startup_disk/asahi.rs
+++ b/src/startup_disk/asahi.rs
@@ -13,12 +13,12 @@ impl StartupDiskTrait for AsahiBlessLibrary {
}
fn needs_escalation(&self, method: &str) -> bool {
- match method {
+ (match method {
"get_boot_candidates" => true,
"get_boot_volume" => true,
"set_boot_volume" => true,
&_ => false,
- }
+ }) && (uzers::get_effective_uid() != 0)
}
fn get_boot_candidates(&self) -> Result<Vec<BootCandidate>> {
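Review bot: Appending `&& (uzers::get_effective_uid() != 0)` changes what `needs_escalation` means, from "this method requires root" to "this method requires root and the process does not have it", with no comment or rename to record that. Any other `StartupDiskTrait` implementation would have to repeat the euid test to behave the same way, so consider doing the test once in the caller. As a style point, the parenthesised `match` with only `true`/`false` arms could be written with `matches!`.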
diff --git a/src/window.rs b/src/window.rs
index 9790507..28fa1f8 100644
--- a/src/window.rs
+++ b/src/window.rs
@@ -90,7 +90,7 @@ use adw::{
use crate::boot_candidate::object::BootCandidateObject;
use crate::boot_candidate::BootCandidateWidget;
-use crate::startup_disk::startup_disk_library;
+use crate::startup_disk::{exit_as_root, startup_disk_library};
glib::wrapper! {
pub struct StartupDiskWindow(ObjectSubclass<imp::StartupDiskWindow>)
@@ -124,7 +124,7 @@ impl StartupDiskWindow {
{
let startup_disk_library = startup_disk_library();
if startup_disk_library.needs_escalation("set_boot_volume") {
- sudo::escalate_if_needed().unwrap();
+ exit_as_root();
}
startup_disk_library
.set_boot_volume(
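Review bot: Replacing `sudo::escalate_if_needed().unwrap();` with `exit_as_root();` in the `set_boot_volume` path means a missing privilege ends the process from inside window code via `std::process::exit(1)`, with the only explanation written to stderr. For a GUI action it would be better to report the error in the window and leave the application running, or to remove this branch if the check in `main()` is the intended gate.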
@@ -182,7 +182,7 @@ impl StartupDiskWindow {
// Get default boot candidate
if startup_disk_library.needs_escalation("get_boot_volume") {
- sudo::escalate_if_needed().unwrap();
+ exit_as_root();
}
let default_cand = startup_disk_library
.get_boot_volume("/dev/mtd/by-name/nvram", false)
@@ -190,7 +190,7 @@ impl StartupDiskWindow {
// Add boot candidates to list store
if startup_disk_library.needs_escalation("get_boot_candidates") {
- sudo::escalate_if_needed().unwrap();
+ exit_as_root();
}
for (idx, cand) in startup_disk_library
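Review bot: This is the third copy of the `if startup_disk_library.needs_escalation("...") { exit_as_root(); }` pattern in src/window.rs, each keyed by a string literal that has to match an arm in asahi.rs. A typo in any of them falls through to `&_ => false` and silently skips the check. Suggest one helper that takes the method name, or an enum in place of the strings, so a mismatch is caught at compile time.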