--- /dev/null
+#!/bin/sh -e
+
+sed -i '/chown/d' GNUmakefile
+
+./configure \
+ --prefix=/usr \
+ --enable-static \
+ --with-shadow \
+ --with-timestamp \
+ --without-pam \
+ --with-kiss-insults \
+
+make
+make DESTDIR="$1" install
+
+install -Dm600 doas.conf "$1/etc/doas.conf"
--- /dev/null
+# Set rules here.
+# Priority increases with linenumber.
+# See doas.conf(5) for details.
+
+# permit persist :wheel
+# permit nopass root
+
+# This config file isn't very powerful at all compared to
+# the likes of sudo's. It's very difficult to tell it that
+# we want to permit running the package manager and package
+# manager alone (hence the 'git'/'env' listings).
+#
+# Further, the 'persist' feature is too strict and will beg
+# you for a password every time 'doas' is run from a script`.
+# Despite sudo's complexity, I recommened it over doas for
+# better control.
+#
+# I'm working on a better overall solution.
+
+# Allow wheel to run kiss with password required.
+# permit persist :wheel cmd env
+# permit persist :wheel cmd git args fetch
+# permit persist :wheel cmd git args diff
+# permit persist :wheel cmd git args merge
+
+# Allow wheel to run kiss without a password.
+# permit nopass :wheel cmd env
+# permit nopass :wheel cmd git args fetch
+# permit nopass :wheel cmd git args diff
+# permit nopass :wheel cmd git args merge