From 9782878208a23e1018eb1e48e91a4e8d0825691a Mon Sep 17 00:00:00 2001
From: Erik Bershel <110455084+erik-bershel@users.noreply.github.com>
Date: Mon, 3 Mar 2025 23:57:21 +0100
Subject: [PATCH] [macOS] Enable NOPASSWD `sudo` for @admin group (#11703)

---
 images/macos/scripts/build/configure-machine.sh | 6 ++++++
 images/macos/scripts/tests/Common.Tests.ps1     | 9 +++++++++
 2 files changed, 15 insertions(+)

diff --git a/images/macos/scripts/build/configure-machine.sh b/images/macos/scripts/build/configure-machine.sh
index abd1f9872..7c7b36705 100644
--- a/images/macos/scripts/build/configure-machine.sh
+++ b/images/macos/scripts/build/configure-machine.sh
@@ -90,6 +90,12 @@ if [[ ! "$(automationmodetool)" =~ "DOES NOT REQUIRE" ]]; then
     exit 1
 fi
 
+# Fix sudoers file permissions
+sudo chmod 440 /etc/sudoers.d/*
+
+# Add NOPASSWD for the current user to sudoers
+sudo sed -i '' 's/%admin		ALL = (ALL) ALL/%admin		ALL = (ALL) NOPASSWD: ALL/g' /etc/sudoers
+
 # Create symlink for tests running
 if [[ ! -d "/usr/local/bin" ]];then
     sudo mkdir -p -m 775 /usr/local/bin
diff --git a/images/macos/scripts/tests/Common.Tests.ps1 b/images/macos/scripts/tests/Common.Tests.ps1
index 8e6be12f5..353815d04 100644
--- a/images/macos/scripts/tests/Common.Tests.ps1
+++ b/images/macos/scripts/tests/Common.Tests.ps1
@@ -87,3 +87,12 @@ Describe "Unxip" {
         "unxip --version" | Should -ReturnZeroExitCode
     }
 }
+
+Describe "Sudoers" {
+    It "Sudo Cache" {
+        "sudo -v" | Should -ReturnZeroExitCode
+    }
+    It "Sudoers files" {
+        "sudo visudo -c" | Should -ReturnZeroExitCode
+    }
+}