From 386d8aa2f208b904d5c69945fe8b10093e4ea0e7 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach <kevin@veen.world>
Date: Tue, 12 May 2026 22:32:49 +0200
Subject: [PATCH] fix(install): use runuser and fail non-root with exit 1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

`su -` runs through pam_systemd on Manjaro/Arch, creating a new login
session that conflicts with the outer sudo session and detaches the
install from the controlling terminal — making `sudo make install`
appear to end while it keeps running in the background. Replace `su`
calls with `runuser`, which is designed for root-invoked scripts and
skips PAM session management.

Also flips init.sh's non-root branch from `exit 0` (silent success) to
`exit 1` with a clear stderr message, so `make install` correctly fails
when invoked without root.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 scripts/installation/arch/aur-builder-setup.sh | 2 +-
 scripts/installation/arch/package.sh           | 2 +-
 scripts/installation/init.sh                   | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/scripts/installation/arch/aur-builder-setup.sh b/scripts/installation/arch/aur-builder-setup.sh
index c19d6ab..efa7aca 100755
--- a/scripts/installation/arch/aur-builder-setup.sh
+++ b/scripts/installation/arch/aur-builder-setup.sh
@@ -38,7 +38,7 @@ echo "[aur-builder-setup] Configuring sudoers for aur_builder..."
 ${ROOT_CMD} bash -c "echo '%aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman' > /etc/sudoers.d/aur_builder"
 ${ROOT_CMD} chmod 0440 /etc/sudoers.d/aur_builder
 
-RUN_AS_AUR=(su - aur_builder -s /bin/bash -c)
+RUN_AS_AUR=(runuser -u aur_builder -- bash -c)
 
 echo "[aur-builder-setup] Ensuring yay is installed for aur_builder..."
 
diff --git a/scripts/installation/arch/package.sh b/scripts/installation/arch/package.sh
index 813cd62..a154520 100755
--- a/scripts/installation/arch/package.sh
+++ b/scripts/installation/arch/package.sh
@@ -47,7 +47,7 @@ echo "[arch/package] Using 'aur_builder' user for makepkg..."
 chown -R aur_builder:aur_builder "${BUILD_ROOT}"
 
 echo "[arch/package] Running makepkg in: ${PKG_BUILD_DIR}"
-su aur_builder -c "cd '${PKG_BUILD_DIR}' && rm -f package-manager-*.pkg.tar.* && makepkg --noconfirm --clean --nodeps"
+runuser -u aur_builder -- bash -c "cd '${PKG_BUILD_DIR}' && rm -f package-manager-*.pkg.tar.* && makepkg --noconfirm --clean --nodeps"
 
 echo "[arch/package] Installing generated Arch package..."
 pkg_path="$(find "${PKG_BUILD_DIR}" -maxdepth 1 -type f -name 'package-manager-*.pkg.tar.*' | head -n1)"
diff --git a/scripts/installation/init.sh b/scripts/installation/init.sh
index f38669b..e7c6dc3 100755
--- a/scripts/installation/init.sh
+++ b/scripts/installation/init.sh
@@ -2,8 +2,8 @@
 set -euo pipefail
 
 if [[ "${EUID:-$(id -u)}" -ne 0 ]]; then
-  echo "[installation/install] Warning: Installation is just possible via root."
-  exit 0
+  echo "[installation/install] ERROR: Installation requires root. Re-run with sudo." >&2
+  exit 1
 fi
 
 echo "[installation] Running as root (EUID=0)."