Restore nopasswd sudo rule on Mac OS X.
authorDarren Tucker <dtucker@dtucker.net>
Mon, 30 Oct 2023 02:32:03 +0000 (13:32 +1100)
committerDarren Tucker <dtucker@dtucker.net>
Mon, 30 Oct 2023 05:13:04 +0000 (16:13 +1100)
This seems to be missing from some (but not all) github runners, so
restore it if it seems to be missing.

.github/setup_ci.sh

index de10857d88009b651e4ee8ef7faf140e1f69ffb3..d0ba7b4724e9a600abb720351dfc64ccb5cb6330 100755 (executable)
@@ -29,18 +29,30 @@ TARGETS=$@
 INSTALL_FIDO_PPA="no"
 export DEBIAN_FRONTEND=noninteractive
 
-set -ex
+set -e
 
 if [ -x "`which lsb_release 2>&1`" ]; then
        lsb_release -a
 fi
 
-# Ubuntu 22.04 defaults to private home dirs which prevent the
-# agent-getpeerid test from running ssh-add as nobody.  See
-# https://github.com/actions/runner-images/issues/6106
-if [ ! -z "$SUDO" ] && ! "$SUDO" -u nobody test -x ~; then
-       echo ~ is not executable by nobody, adding perms.
-       chmod go+x ~
+if [ ! -z "$SUDO" ]; then
+       # Ubuntu 22.04 defaults to private home dirs which prevent the
+       # agent-getpeerid test from running ssh-add as nobody.  See
+       # https://github.com/actions/runner-images/issues/6106
+       if ! "$SUDO" -u nobody test -x ~; then
+               echo ~ is not executable by nobody, adding perms.
+               chmod go+x ~
+       fi
+       # Some of the Mac OS X runners don't have a nopasswd sudo rule. Regular
+       # sudo still works, but sudo -u doesn't.  Restore the sudo rule.
+       if ! "$SUDO" grep  -E 'runner.*NOPASSWD' /etc/passwd >/dev/null; then
+               echo "Restoring runner nopasswd rule to sudoers."
+               echo 'runner ALL=(ALL) NOPASSWD: ALL' |$SUDO tee -a /etc/sudoers
+       fi
+       if ! "$SUDO" -u nobody -S test -x ~ </dev/null; then
+               echo "Still can't sudo to nobody."
+               exit 1
+       fi
 fi
 
 if [ "${TARGETS}" = "kitchensink" ]; then
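Review bot: The added `grep` check searches `/etc/passwd`, but the rule it looks for (and then appends) belongs in `/etc/sudoers`, so the test can never match. As a result `runner ALL=(ALL) NOPASSWD: ALL` is appended on every run and on every runner where `$SUDO` is set, not only the Mac OS X ones the comment names. The condition should read `if ! "$SUDO" grep -E 'runner.*NOPASSWD' /etc/sudoers >/dev/null; then`. Because the line is written straight into the main sudoers file with `tee -a`, running `"$SUDO" visudo -c` after the append would catch a malformed file before the later `sudo -u nobody` check. `$SUDO` is also unquoted in that pipeline, unlike its other uses in the block; how `SUDO` is set is outside the hunk.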