Paul de Weerd wrote: > Well, in my case I can simply not use doas -n and ensure my script > works without prompting for passwords more than once (which is what I > care about). However, I have to say that doas works great in > scripting setups: it asks for a password once and then all subsequent > invocations of doas do not. Once the script ends, the process group > is gone and with it, the persist ticket. So, yeah, persist works > great for scripting.
I must admit this usage is kind of strange, but that doesn't mean bad. Unexpected though. :) However, do you need to use -n in this case? You've set things up so that the first invocation asks for a password and then it relies on persist throughout. So leave off of the -n? Maybe I will think about this some more. The current design, where -n overrides persist, was deliberate. So it's not a "bug", but perhaps a wrong decision. I just don't want anyone to rush to fix it.
