From e409616ed52d7a512b5fe971ee4d475895a514ea Mon Sep 17 00:00:00 2001 From: Brian Zalewski <59970525+ProfessorManhattan@users.noreply.github.com> Date: Thu, 30 Nov 2023 07:18:43 +0000 Subject: [PATCH] Latest --- docs/terminal/full-disk-access.md | 3 ++ home/.chezmoidata.yaml | 1 + .../run_before_01-macos-privileges.sh.tmpl | 40 +++++++++++++++++++ home/dot_config/git/config.tmpl | 4 +- scripts/cloudflared-ssh.sh | 2 +- scripts/homebrew.sh | 2 +- scripts/partials/basic-deps | 2 +- scripts/provision.sh | 6 +-- scripts/src/provision.sh.tmpl | 4 +- software.yml | 5 +++ 10 files changed, 59 insertions(+), 10 deletions(-) create mode 100644 docs/terminal/full-disk-access.md create mode 100644 home/.chezmoiscripts/universal/run_before_01-macos-privileges.sh.tmpl diff --git a/docs/terminal/full-disk-access.md b/docs/terminal/full-disk-access.md new file mode 100644 index 00000000..ce7ce003 --- /dev/null +++ b/docs/terminal/full-disk-access.md @@ -0,0 +1,3 @@ +# Full Disk Access + +This script requires full disk access. Please grant the current Terminal application full disk access before proceeding. diff --git a/home/.chezmoidata.yaml b/home/.chezmoidata.yaml index bcd9934d..c4521a66 100644 --- a/home/.chezmoidata.yaml +++ b/home/.chezmoidata.yaml @@ -1006,6 +1006,7 @@ softwareGroups: - htop - ipmitool - iproute2mac + - macprefs - masscan - prefsniff - pulumi diff --git a/home/.chezmoiscripts/universal/run_before_01-macos-privileges.sh.tmpl b/home/.chezmoiscripts/universal/run_before_01-macos-privileges.sh.tmpl new file mode 100644 index 00000000..87308a37 --- /dev/null +++ b/home/.chezmoiscripts/universal/run_before_01-macos-privileges.sh.tmpl 
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+# @file Ensure Terminal Permissions
+# @brief Ensures the macOS terminal used for the provisioning process has full disk access permissions
+# @description
+# This script ensures the terminal running the provisioning process has full disk access permissions. It also
+# prints information regarding the process of how to enable the permission as well as information related to
+# the specific reasons that the terminal needs full disk access. More specifically, the scripts need full
+# disk access to modify various system files and permissions.
+#
+# ## Sources
+#
+# * [Detecting Full Disk Access permission on macOS](https://www.dzombak.com/blog/2021/11/macOS-Scripting-How-to-tell-if-the-Terminal-app-has-Full-Disk-Access.html)
+
+{{ includeTemplate "universal/profile-before" }}
+{{ includeTemplate "universal/logg-before" }}
+
+# @description Prints information describing why full disk access is required for the script to run on macOS.
+printFullDiskAccessNotice() {
+ if [ -d /Applications ] && [ -d /System ]; then
+ logg md "${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi/docs/terminal/full-disk-access.md"
+ fi
+}
+
+# @description Ensures the terminal running the provisioning process script has full disk access on macOS. It does this
+# by attempting to read a file that requires full disk access. If it does not, the program opens the preferences
+# pane where the user can grant access so that the script can continue.
+ensureFullDiskAccess() {
+ if [ -d /Applications ] && [ -d /System ]; then
+ if ! plutil -lint /Library/Preferences/com.apple.TimeMachine.plist > /dev/null ; then
+ logg star 'Opening Full Disk Access preference pane.. Grant full-disk access for the terminal you would like to run the provisioning process with.'
&& open "x-apple.systempreferences:com.apple.preference.security?Privacy_AllFiles" + logg prompt 'Press ENTER to check for Full Disk Access again' && read -rsn + ensureFullDiskAccess + else + logg success 'Current terminal has full disk access' + fi + fi +} + +printFullDiskAccessNotice +ensureFullDiskAccess diff --git a/home/dot_config/git/config.tmpl b/home/dot_config/git/config.tmpl index a2bc4016..cd16bccb 100644 --- a/home/dot_config/git/config.tmpl +++ b/home/dot_config/git/config.tmpl @@ -62,7 +62,7 @@ [credential] helper = cache --timeout=3600 credentialStore = {{ if eq .host.distro.id "darwin" }}keychain{{ else }}{{ if eq .host.distro.id "windows" }}wincredman{{ else }}secretservice{{ end }}{{ end }} -{{ if (lookPath "asdf") -}} +{{ if (lookPath "gh") -}} [credential "https://github.com"] helper = !{{- output "which" "gh" | trim }} auth git-credential [credential "https://gist.github.com"] @@ -126,7 +126,7 @@ autocorrect = 20 [http] postBuffer = 524288000 - {{ if (stat (joinPath "etc" "ssl" "cert.pem")) -}}sslcainfo = /etc/ssl/cert.pem{{ end -}} +{{ if (stat (joinPath "etc" "ssl" "cert.pem")) -}} sslcainfo = /etc/ssl/cert.pem{{ end -}} [init] defaultBranch = master # templatedir = ~/.config/git/template diff --git a/scripts/cloudflared-ssh.sh b/scripts/cloudflared-ssh.sh index fc1f6585..83a18157 100644 --- a/scripts/cloudflared-ssh.sh +++ b/scripts/cloudflared-ssh.sh 
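Review bot: `read -rsn` at the end of the `logg prompt` line in ensureFullDiskAccess passes `-n` without a character count, so bash rejects the call with a usage error instead of waiting for ENTER. The function then calls itself straight away, so while access is missing it reopens the Full Disk Access pane in an unbounded recursion with no pause; the same happens whenever stdin is not a terminal. Waiting with `read -rs || exit 1` and turning the self-call into a `while ! plutil -lint ...; do` loop would make the retry explicit and stoppable. Since Full Disk Access stays granted to the terminal after provisioning, the notice in docs/terminal/full-disk-access.md could also tell the user to revoke it once the run has finished.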
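Review bot: The guard on the `sslcainfo` line in the `[http]` hunk calls `stat (joinPath "etc" "ssl" "cert.pem")`, which builds the relative path `etc/ssl/cert.pem`, while the value written is the absolute `/etc/ssl/cert.pem`. The check is therefore resolved against the working directory of the template run rather than the system CA bundle, so the setting is likely never emitted, or is emitted on the strength of an unrelated file. Testing the path that is actually written, `{{ if (stat "/etc/ssl/cert.pem") -}}`, keeps the guard and the value in step. The trailing `{{ end -}}` also trims the newline after it, which, if the line layout is as it appears here, would join `[init]` onto the `sslcainfo` line once the branch does fire.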
@@ -125,7 +125,7 @@ logg() { # 2. If any of the above are missing, it will then use the appropriate system package manager to satisfy the requirements. *Note that some of the requirements are not scanned for in order to keep it simple and fast.* # 3. On macOS, the official Xcode Command Line Tools are installed. ensureBasicDeps() { - if ! command -v curl > /dev/null || ! command -v git > /dev/null || ! command -v expect > /dev/null || ! command -v rsync > /dev/null || ! command -v unbuffer; then + if ! command -v curl > /dev/null || ! command -v git > /dev/null || ! command -v expect > /dev/null || ! command -v rsync > /dev/null || ! command -v unbuffer > /dev/null; then if command -v apt-get > /dev/null; then ### Debian / Ubuntu logg info 'Running sudo apt-get update' && sudo apt-get update diff --git a/scripts/homebrew.sh b/scripts/homebrew.sh index b0eb87ce..4b2aa426 100644 --- a/scripts/homebrew.sh +++ b/scripts/homebrew.sh @@ -94,7 +94,7 @@ logg() { # 2. If any of the above are missing, it will then use the appropriate system package manager to satisfy the requirements. *Note that some of the requirements are not scanned for in order to keep it simple and fast.* # 3. On macOS, the official Xcode Command Line Tools are installed. ensureBasicDeps() { - if ! command -v curl > /dev/null || ! command -v git > /dev/null || ! command -v expect > /dev/null || ! command -v rsync > /dev/null || ! command -v unbuffer; then + if ! command -v curl > /dev/null || ! command -v git > /dev/null || ! command -v expect > /dev/null || ! command -v rsync > /dev/null || ! command -v unbuffer > /dev/null; then if command -v apt-get > /dev/null; then ### Debian / Ubuntu logg info 'Running sudo apt-get update' && sudo apt-get update diff --git a/scripts/partials/basic-deps b/scripts/partials/basic-deps index 6363b696..70481406 100644 --- a/scripts/partials/basic-deps +++ b/scripts/partials/basic-deps 
@@ -4,7 +4,7 @@ # 2. If any of the above are missing, it will then use the appropriate system package manager to satisfy the requirements. *Note that some of the requirements are not scanned for in order to keep it simple and fast.* # 3. On macOS, the official Xcode Command Line Tools are installed. ensureBasicDeps() { - if ! command -v curl > /dev/null || ! command -v git > /dev/null || ! command -v expect > /dev/null || ! command -v rsync > /dev/null || ! command -v unbuffer; then + if ! command -v curl > /dev/null || ! command -v git > /dev/null || ! command -v expect > /dev/null || ! command -v rsync > /dev/null || ! command -v unbuffer > /dev/null; then if command -v apt-get > /dev/null; then ### Debian / Ubuntu logg info 'Running sudo apt-get update' && sudo apt-get update diff --git a/scripts/provision.sh b/scripts/provision.sh index 6ae5e64b..0b51d68a 100644 --- a/scripts/provision.sh +++ b/scripts/provision.sh @@ -159,7 +159,7 @@ setEnvironmentVariables() { # 2. If any of the above are missing, it will then use the appropriate system package manager to satisfy the requirements. *Note that some of the requirements are not scanned for in order to keep it simple and fast.* # 3. On macOS, the official Xcode Command Line Tools are installed. ensureBasicDeps() { - if ! command -v curl > /dev/null || ! command -v git > /dev/null || ! command -v expect > /dev/null || ! command -v rsync > /dev/null || ! command -v unbuffer; then + if ! command -v curl > /dev/null || ! command -v git > /dev/null || ! command -v expect > /dev/null || ! command -v rsync > /dev/null || ! command -v unbuffer > /dev/null; then if command -v apt-get > /dev/null; then ### Debian / Ubuntu logg info 'Running sudo apt-get update' && sudo apt-get update 
@@ -306,9 +306,9 @@ setupPasswordlessSudo() { logg info 'Note: Non-privileged installations are not yet supported' fi if [ -n "$SUDO_PASSWORD" ]; then - printf '%s\n' "$SUDO_PASSWORD" | sudo -p "" -S echo "$(whoami) ALL=(ALL:ALL) NOPASSWD: ALL # TEMPORARY FOR INSTALL DOCTOR" | sudo tee -a /etc/sudoers + printf '%s\n' "$SUDO_PASSWORD" | sudo -p "" -S echo "$(whoami) ALL=(ALL:ALL) NOPASSWD: ALL # TEMPORARY FOR INSTALL DOCTOR" | sudo tee -a /etc/sudoers > /dev/null else - echo "$(whoami) ALL=(ALL:ALL) NOPASSWD: ALL # TEMPORARY FOR INSTALL DOCTOR" | sudo tee -a /etc/sudoers + echo "$(whoami) ALL=(ALL:ALL) NOPASSWD: ALL # TEMPORARY FOR INSTALL DOCTOR" | sudo tee -a /etc/sudoers > /dev/null fi } diff --git a/scripts/src/provision.sh.tmpl b/scripts/src/provision.sh.tmpl index 8f4995c3..716553e6 100644 --- a/scripts/src/provision.sh.tmpl +++ b/scripts/src/provision.sh.tmpl @@ -114,9 +114,9 @@ setupPasswordlessSudo() { logg info 'Note: Non-privileged installations are not yet supported' fi if [ -n "$SUDO_PASSWORD" ]; then - printf '%s\n' "$SUDO_PASSWORD" | sudo -p "" -S echo "$(whoami) ALL=(ALL:ALL) NOPASSWD: ALL # TEMPORARY FOR INSTALL DOCTOR" | sudo tee -a /etc/sudoers + printf '%s\n' "$SUDO_PASSWORD" | sudo -p "" -S echo "$(whoami) ALL=(ALL:ALL) NOPASSWD: ALL # TEMPORARY FOR INSTALL DOCTOR" | sudo tee -a /etc/sudoers > /dev/null else - echo "$(whoami) ALL=(ALL:ALL) NOPASSWD: ALL # TEMPORARY FOR INSTALL DOCTOR" | sudo tee -a /etc/sudoers + echo "$(whoami) ALL=(ALL:ALL) NOPASSWD: ALL # TEMPORARY FOR INSTALL DOCTOR" | sudo tee -a /etc/sudoers > /dev/null fi } diff --git a/software.yml b/software.yml index dc13e7be..19e83821 100644 --- a/software.yml +++ b/software.yml 
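Review bot: Both branches of setupPasswordlessSudo still append the `NOPASSWD: ALL` rule straight to `/etc/sudoers` with `tee -a`, with no syntax check and no visible test for an existing entry, so a failed or repeated write can leave the main policy file broken or carrying duplicate blanket grants; the same lines appear in the scripts/src/provision.sh.tmpl hunk. Writing the rule to its own file under `/etc/sudoers.d`, validated with `visudo -cf` before it is installed with mode 0440, keeps the main file untouched and lets the temporary grant be withdrawn by deleting one file. In the password branch the two `sudo` processes of the pipeline start together, so the `tee` side depends on the credential cache being filled by the first; priming the cache with `sudo -S -v` beforehand avoids that. The function starts above the hunk, and the code that removes the temporary rule is not visible here and would need to follow the new location.

```shell
# … unchanged: privilege check and notice above …
  # Placeholder name: use the drop-in file name that the cleanup step will remove.
  sudoers_dropin="/etc/sudoers.d/PLACEHOLDER_DROP_IN_NAME"
  sudoers_tmp="$(mktemp)" || return 1
  printf '%s\n' "$(whoami) ALL=(ALL:ALL) NOPASSWD: ALL # TEMPORARY FOR INSTALL DOCTOR" > "$sudoers_tmp"
  if [ -n "$SUDO_PASSWORD" ]; then
    # Prime the credential cache once instead of racing two sudo processes in one pipeline.
    printf '%s\n' "$SUDO_PASSWORD" | sudo -p "" -S -v
  fi
  # Install the rule only if visudo accepts its syntax.
  if sudo visudo -cf "$sudoers_tmp" > /dev/null; then
    sudo install -m 0440 "$sudoers_tmp" "$sudoers_dropin"
  fi
  rm -f "$sudoers_tmp"
```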
@@ -709,6 +709,11 @@ softwarePackages: bin: https://github.com/joehillen/sysz pacman: sysz script:linux: cd /tmp && git clone https://github.com/joehillen/sysz.git && cd sysz && sudo make install && cd /tmp && rm -rf sysz + macprefs: + _bin: macprefs + _name: MacPrefs + _github: https://github.com/clintmod/macprefs + brew: clintmod/formulas/macprefs appium: _bin: appium _desc: '[Appium](https://appium.io/) is an open source automation tool for running scripts and testing native applications, mobile-web applications and hybrid applications on Android or iOS using a webdriver.'