From 6716210ca5b53b8eb2082a1f30a18b68d29e5b43 Mon Sep 17 00:00:00 2001
From: Brad Warren <bmw@eff.org>
Date: Fri, 21 Jul 2017 10:35:25 -0700
Subject: [PATCH] run all of certbot-auto as root

---
 letsencrypt-auto-source/letsencrypt-auto      | 59 ++++++++++---------
 .../letsencrypt-auto.template                 | 59 ++++++++++---------
 2 files changed, 64 insertions(+), 54 deletions(-)

diff --git a/letsencrypt-auto-source/letsencrypt-auto b/letsencrypt-auto-source/letsencrypt-auto
index 47cb6372e..b9ee38cc7 100755
--- a/letsencrypt-auto-source/letsencrypt-auto
+++ b/letsencrypt-auto-source/letsencrypt-auto
@@ -49,6 +49,7 @@ Help for certbot itself cannot be provided until it is installed.
                                             implies --non-interactive
 
 All arguments are accepted and forwarded to the Certbot client when run."
+export CERTBOT_AUTO="$0"
 
 for arg in "$@" ; do
   case "$arg" in
@@ -149,35 +150,39 @@ su_sudo() {
   su root -c "$args"
 }
 
-SUDO_ENV=""
-export CERTBOT_AUTO="$0"
-if [ -n "${LE_AUTO_SUDO+x}" ]; then
-  case "$LE_AUTO_SUDO" in
-    su_sudo|su)
-      SUDO=su_sudo
-      ;;
-    sudo)
-      SUDO=sudo
-      SUDO_ENV="CERTBOT_AUTO=$0"
-      ;;
-    '') ;; # Nothing to do for plain root method.
-    *)
-      error "Error: unknown root authorization mechanism '$LE_AUTO_SUDO'."
-      exit 1
-  esac
-  say "Using preset root authorization mechanism '$LE_AUTO_SUDO'."
-else
-  if test "`id -u`" -ne "0" ; then
-    if $EXISTS sudo 1>/dev/null 2>&1; then
-      SUDO=sudo
-      SUDO_ENV="CERTBOT_AUTO=$0"
-    else
-      say \"sudo\" is not available, will use \"su\" for installation steps...
-      SUDO=su_sudo
-    fi
+if [ "$1" = "--cb-auto-has-root" ]; then
+  shift 1
+elif [ "$1" != "--le-auto-phase2" ]; then
+  # if $1 is --le-auto-phase2, we've executed this branch before
+  SUDO_ENV=""
+  if [ -n "${LE_AUTO_SUDO+x}" ]; then
+    case "$LE_AUTO_SUDO" in
+      su_sudo|su)
+        SUDO=su_sudo
+        ;;
+      sudo)
+        SUDO=sudo
+        ;;
+      '') ;; # Nothing to do for plain root method.
+      *)
+        error "Error: unknown root authorization mechanism '$LE_AUTO_SUDO'."
+        exit 1
+    esac
+    say "Using preset root authorization mechanism '$LE_AUTO_SUDO'."
   else
-    SUDO=
+    if test "`id -u`" -ne "0" ; then
+      if $EXISTS sudo 1>/dev/null 2>&1; then
+        SUDO=sudo
+      else
+        say \"sudo\" is not available, will use \"su\" for installation steps...
+        SUDO=su_sudo
+      fi
+    else
+      SUDO=
+    fi
   fi
+  $SUDO "$0" --cb-auto-has-root "$@"
+  exit 0
 fi
 
 BootstrapMessage() {
diff --git a/letsencrypt-auto-source/letsencrypt-auto.template b/letsencrypt-auto-source/letsencrypt-auto.template
index 0cc4a8c06..e0f6f19df 100755
--- a/letsencrypt-auto-source/letsencrypt-auto.template
+++ b/letsencrypt-auto-source/letsencrypt-auto.template
@@ -49,6 +49,7 @@ Help for certbot itself cannot be provided until it is installed.
                                             implies --non-interactive
 
 All arguments are accepted and forwarded to the Certbot client when run."
+export CERTBOT_AUTO="$0"
 
 for arg in "$@" ; do
   case "$arg" in
@@ -149,35 +150,39 @@ su_sudo() {
   su root -c "$args"
 }
 
-SUDO_ENV=""
-export CERTBOT_AUTO="$0"
-if [ -n "${LE_AUTO_SUDO+x}" ]; then
-  case "$LE_AUTO_SUDO" in
-    su_sudo|su)
-      SUDO=su_sudo
-      ;;
-    sudo)
-      SUDO=sudo
-      SUDO_ENV="CERTBOT_AUTO=$0"
-      ;;
-    '') ;; # Nothing to do for plain root method.
-    *)
-      error "Error: unknown root authorization mechanism '$LE_AUTO_SUDO'."
-      exit 1
-  esac
-  say "Using preset root authorization mechanism '$LE_AUTO_SUDO'."
-else
-  if test "`id -u`" -ne "0" ; then
-    if $EXISTS sudo 1>/dev/null 2>&1; then
-      SUDO=sudo
-      SUDO_ENV="CERTBOT_AUTO=$0"
-    else
-      say \"sudo\" is not available, will use \"su\" for installation steps...
-      SUDO=su_sudo
-    fi
+if [ "$1" = "--cb-auto-has-root" ]; then
+  shift 1
+elif [ "$1" != "--le-auto-phase2" ]; then
+  # if $1 is --le-auto-phase2, we've executed this branch before
+  SUDO_ENV=""
+  if [ -n "${LE_AUTO_SUDO+x}" ]; then
+    case "$LE_AUTO_SUDO" in
+      su_sudo|su)
+        SUDO=su_sudo
+        ;;
+      sudo)
+        SUDO=sudo
+        ;;
+      '') ;; # Nothing to do for plain root method.
+      *)
+        error "Error: unknown root authorization mechanism '$LE_AUTO_SUDO'."
+        exit 1
+    esac
+    say "Using preset root authorization mechanism '$LE_AUTO_SUDO'."
   else
-    SUDO=
+    if test "`id -u`" -ne "0" ; then
+      if $EXISTS sudo 1>/dev/null 2>&1; then
+        SUDO=sudo
+      else
+        say \"sudo\" is not available, will use \"su\" for installation steps...
+        SUDO=su_sudo
+      fi
+    else
+      SUDO=
+    fi
   fi
+  $SUDO "$0" --cb-auto-has-root "$@"
+  exit 0
 fi
 
 BootstrapMessage() {