net/wireguard install wg-quick script, which uses sudo here: auto_su() { [[ $UID == 0 ]] || exec sudo -p "$PROGRAM must be run as root. Please enter the password for %u to continue: " -- "$BASH" -- "$SELF" "${ARGS[@]}" }
In my opinion this auto_su function should first check if sudo is available and just exit with an error if not. Depending on sudo does not sound like a good idea to me considering their security record. The wg-quick for openbsd also supports runas which we have in ports. Feel free to create a patch for this but I won't have time myself in the next couple of weeks.
(In reply to Bernhard Froehlich from comment #1) Should rather be the whole `auto_su()` functionality to be removed, replaced by an error message? There are multiple ways to get root privileges; there are at least sudo, doas and calife in ports. There's probably no point in trying to support every one of those? Moreover, even having sudo or doas installed doesn't mean the current user can successfully run things as root with their help... Any comments? (I'll do the patch, let's just agree on what to do.)
The upstream code is here: https://git.zx2c4.com/wireguard-tools/tree/src/wg-quick As you can see this auto_su functionality is available on all platforms so I will talk to upstream first and ask for their opinion before we start to patch it.
What is more popular? doas or sudo?
(In reply to Jason A. Donenfeld from comment #4) Personally I use sudo.
(In reply to Jason A. Donenfeld from comment #4) But I run it as root so no sudo is needed for my cases.
Any news from upstream?
Has anyone reported this (with preferably with a patch) upstream to wg-quick? Given that they want to be a "managed" frontend for WireGuard it would make sense to search for sudo, runas, su in that order until one exists is found, try it, and report an error if it fails.