You are not logged in.

#1 2023-02-13 09:11:16

Shiba
Member
Registered: 2013-11-29
Posts: 8

Any way to avoid sudo now?

As per https://archlinux.org/news/switch-to-th … ervention/ base-devel is now a package with real dependencies, meaning that I can no longer ^23 sudo out of a pacman -S base-devel. Any suggestion on how to remove it without using -Rdd?

Offline

#2 2023-02-13 09:19:53

Scimmia
Fellow
Registered: 2012-09-01
Posts: 12,150

Re: Any way to avoid sudo now?

Don't install base-devel. Seriously, build in a clean chroot and you don't have to have base-devel on your system.

Offline

#3 2023-02-13 09:54:23

Shiba
Member
Registered: 2013-11-29
Posts: 8

Re: Any way to avoid sudo now?

If I needed to do things seriously I would go that route despite sudo, yes, but I just need to makepkg a couple of old packages with some patches.

Offline

#4 2023-02-13 10:07:25

seth
Member
Registered: 2012-09-03
Posts: 59,372

Re: Any way to avoid sudo now?

You could add a dummy package that "provides" sudo (w/o content) and conflicts with sudo.

Offline

#5 2023-02-13 11:18:24

Neven
Member
Registered: 2014-05-02
Posts: 76

Re: Any way to avoid sudo now?

Why is sudo even a dependency of base-devel? Probably it should just be removed as a dep.

Sudo is only an optional dependency for the makepkg command, so I guess pacman should optdepend on sudo. Then there's no reason for base-devel to depend on sudo.

Last edited by Neven (2023-02-13 11:28:24)

Offline

#6 2023-02-13 11:55:34

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,479
Website

Re: Any way to avoid sudo now?

base-devel is the packages that are installed by default in Arch build roots - that requires sudo.  The fact users may also want to install base-devel on their systems is rather inconsequential.

Offline

#7 2023-02-13 12:29:59

Neven
Member
Registered: 2014-05-02
Posts: 76

Re: Any way to avoid sudo now?

Interesting. So you say that the purpose of base-devel is for the build roots, basically something not directly relevant to most users.

The Wiki page on the AUR, however, quite clearly states that the base-devel package is a requirement for building AUR packages, and that AUR packages do assume that base-devel is installed.

It seems there's a conflict here, where unrelated concepts got mixed into base-devel.

Perhaps a base-aur metapackage should be introduced, to separate these two purposes? Then base-devel would serve purely for the build-roots, while base-aur would be a requirement for users of AUR.

Offline

#8 2023-02-13 13:53:27

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 30,330
Website

Re: Any way to avoid sudo now?

I'd also like to see sudo not be a dependency of base-devel, but I'm not sure what the fuss is about as nothing has changed from an end-user perspective.

The above-referenced "requirement" in the AUR wiki page is not new.  Prior to the change to a package, sudo was still in the base-devel group.  So the "official" requirements on the AUR wiki page was that sudo needed to be installed.  Many of us chose to ignore that official guidance and not install it and still build AUR packages just fine.  So now the official requirements are still to have sudo (among other things) installed; if you chose not to follow that guidance, that's no more or less okay today than it was yesterday.

So to answer the question in the title of the thread, yes, there is a way to avoid sudo, and it's precisely the same way we had before: don't install it.

Last edited by Trilby (2023-02-13 14:07:31)


"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman

Offline

#9 2023-02-13 14:10:09

Neven
Member
Registered: 2014-05-02
Posts: 76

Re: Any way to avoid sudo now?

Not to turn this discussion in a philosophical direction, but:

1. It's better to fix the rules, conventions, etc. than break them

2. having base-devel as a metapackage and sudo as its dependency makes sudo a bit harder of a requirement than before. groups are more difficult to take seriously because of the mechanics of how pacman implements them (the UI encourages picking-and-choosing, and the groups are not relevant for the dependency hierarchy)

Last edited by Neven (2023-02-13 14:12:47)

Offline

#10 2023-02-13 17:29:10

seth
Member
Registered: 2012-09-03
Posts: 59,372

Re: Any way to avoid sudo now?

having base-devel as a metapackage and sudo as its dependency makes sudo a bit harder of a requirement than before

No?

base-devel has, as we figured, two principal functions:
1. Arch build roots
sudo was and is a hard dependency in this context
However, that context doesn't seem to be the topic of this thread.

2. AUR expects it to be installed
That hasn't changed. The AUR packages expect sudo to be present exactly as much as before.
The wording in the wiki might be off:

wiki wrote:

Note: Packages in the AUR assume that base-devel is installed.

No, they don't. They expect the packages that base-devel depends on to be installed. The presence of the base-devel package specifically is irrelevant.

You don't *have* to install base-devel for this context, you can simply use it as pre-packaged convenience.

You can alternatively
1. install it's dependencies individually
2. write a meta-package "aur_stuff" to manage it's dependencies (though w/ sudo traditionally being "expected" by AUR packages you *might* run into a situation where a package actually hard-depends on it, arguebly that package might be improvable)


Sidebar: but nobody has complained about "which" so far … tongue

Offline

#11 2023-02-13 17:40:41

Shiba
Member
Registered: 2013-11-29
Posts: 8

Re: Any way to avoid sudo now?

To reply to everyone: I know I can simply ignore base-devel, manually copy-paste all its dependencies but sudo, repeat that every few weeks in case something changed. Having a metapackage of implicit dependencies required for building packages seemed like a step forward compared to the base-devel group, which still involved the above process of checking for changes, although a in bit less cumbersome way.
The main issue with having sudo installed is that when it is detected by some programs like makepkg it becomes the chosen way to authenticate, despite it not being configured for the current user, making the -s and -i options essentially unusable.

seth wrote:

You could add a dummy package that "provides" sudo (w/o content) and conflicts with sudo.

Eventually I will do that, but I find it a bit odd that I have to make a package in order not install another (non required) package.

Allan wrote:

base-devel is the packages that are installed by default in Arch build roots - that requires sudo.

I don't know what that is, but can't sudo just be explicitly selected over there like, I presume, base-devel is?

Offline

#12 2023-02-13 19:21:21

Neven
Member
Registered: 2014-05-02
Posts: 76

Re: Any way to avoid sudo now?

seth wrote:

having base-devel as a metapackage and sudo as its dependency makes sudo a bit harder of a requirement than before

AUR packages expect sudo to be present

No? I don't think I've ever needed to install sudo for building an AUR package, and there's nothing essential about sudo. If such packages do exist on AUR, I'm sure they're very rare, and thus my proposal to introduce base-aur, which presumably wouldn't depend on sudo.

Last edited by Neven (2023-02-13 19:58:53)

Offline

#13 2023-02-13 19:28:26

seth
Member
Registered: 2012-09-03
Posts: 59,372

Re: Any way to avoid sudo now?

seth actually wrote:

The AUR packages expect sudo to be present exactly as much as before.

How about we don't misquote me?

Offline

#14 2023-02-13 19:30:16

Neven
Member
Registered: 2014-05-02
Posts: 76

Re: Any way to avoid sudo now?

So what's your point then?

Last edited by Neven (2023-02-13 19:31:04)

Offline

#15 2023-02-13 19:56:23

Alad
Wiki Admin/IRC Op
From: Bagelstan
Registered: 2014-05-04
Posts: 2,418
Website

Re: Any way to avoid sudo now?

I don't know what that is, but can't sudo just be explicitly selected over there like, I presume, base-devel is?

No. There's no point in changing devtools code just because 1 user doesn't like to have sudo installed.

The main issue with having sudo installed is that when it is detected by some programs like makepkg it becomes the chosen way to authenticate, despite it not being configured for the current user, making the -s and -i options essentially unusable.

False. You can use whatever authentication method you want with PACMAN_AUTH.


Mods are just community members who have the occasionally necessary option to move threads around and edit posts. -- Trilby

Offline

#16 2023-02-13 20:17:52

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 30,330
Website

Re: Any way to avoid sudo now?

seth wrote:

Sidebar: but nobody has complained about "which" so far … tongue

If have.  Quite a bit.  Just not publicly as there's no point.  But "which" is another package from base devel I've never had installed and never missed.

Neven wrote:

So what's your point then?

While I can't speak for seth, I can respond to the extent that he appears to be highlighting the same point I am that really nothing has changed.  He emphasized in his self quote that sudo is needed exactly as much as it was before which is precisely correct.  If you think the current conditions mean sudo is required, then the previous conditions would have led to the same conclusion.  If you previously went along merrily without sudo, there's nothing about the recent news item that should change that now.


"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman

Offline

#17 2023-02-13 20:55:52

seth
Member
Registered: 2012-09-03
Posts: 59,372

Re: Any way to avoid sudo now?

Neven wrote:

So what's your point then?

Neven wrote:

… makes sudo a bit harder of a requirement than before

seth wrote:

No?

2. AUR expects [base-devel] to be installed
That hasn't changed. The AUR packages expect sudo to be present exactly as much as before.

w/ sudo traditionally being "expected" by AUR packages you *might* run into a situation where a package actually hard-depends on it, arguebly that package might be improvable

The AUR wiki states that AUR packages expect base-devel to be installed.
Whether that's true and whether it extends to every single package of the former group is debatable, but hasn't changed.
Nothing became "a bit harder of a requirement" over night.
If AUR package snafu-git took the wiki statement as justification to implicitly hard-depend on sudo, that wasn't impacted by the group/metapackage change at all.

You'll also find that

seth wrote:

The wording in the wiki might be off:

wiki wrote:

Note: Packages in the AUR assume that base-devel is installed.

No, they don't. They expect the packages that base-devel depends on to be installed. The presence of the base-devel package specifically is irrelevant.

So one cannot argue that sudo is now a hard dependency for the AUR because it's a hard dep of base-devel - since base-devel is in fact itself *not* a hard dependency of the AUR.
It just encapsulates a bunch of packages that are generally a good idea to have around when you want to run makepkg.
There're however certainly several packages that build perfectly fine w/o automake and gcc. If you only want those, you don't need a make environment.


Trilby wrote:

But "which" is another package from base devel I've never had installed and never missed.

https://bbs.archlinux.org/viewtopic.php … 3#p2079083 roll

Offline

#18 2023-02-13 21:21:53

IrreleventIdiot
Member
From: SC
Registered: 2017-01-28
Posts: 35

Re: Any way to avoid sudo now?

Just chiming in that I had previously uninstalled sudo and symlinked it to doas, but now that it had to be reinstalled I went ahead and just aliased sudo to doas in my .zshrc instead. I already had set yay to use doas instead anyway, so nothing about this package change seems to really affect me.


Yes, I know I spelt "Irrelevant" wrong.

Offline

#19 2023-02-14 01:09:19

Shiba
Member
Registered: 2013-11-29
Posts: 8

Re: Any way to avoid sudo now?

Alad wrote:

No. There's no point in changing devtools code just because 1 user doesn't like to have sudo installed.

Can you point me to those devtools code? Maybe it will help me understand how big of a hassle it is that you are so much opposed to do this.

Alad wrote:

False. You can use whatever authentication method you want with PACMAN_AUTH.

It took me a while and required me to read makepkg code, but the correct syntax is PACMAN_AUTH=(su root -c %c). Not that I expect that would solve any actual problem for anyone, after all it was just "1 user that doesn't want something installed for no reason at all".
Now I can rest easy, at least until the next program/script that makes the right assumption that if I have something installed is because I want to use it.

Offline

#20 2023-02-14 07:24:05

seth
Member
Registered: 2012-09-03
Posts: 59,372

Re: Any way to avoid sudo now?

@IrreleventIdiot, the point of not installing sudo is (next to the disk use wink to not have it around for malware or users to exploit possible CVEs.
But even benign scripts will not necessarily source your zshrc and or call /usr/bin/sudo explicitly and they might now plausibly pass incompatible parameters to doas iff they indeed source your zshrc

If you don't want to install sudo either don't install base-devel or replace it w/ a "nosudo" dummy package.
Aliasing sudo to doas is close to pointless and (rather unlikely but still) potentially harmful.

Offline

#21 2023-02-14 14:06:26

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 30,330
Website

Re: Any way to avoid sudo now?

Yet another odd option:

NoExtract = usr/bin/sudo

"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman

Offline

#22 2023-02-14 18:32:32

Head_on_a_Stick
Member
From: The Wirral
Registered: 2014-02-20
Posts: 8,386
Website

Re: Any way to avoid sudo now?

There is also doas-sudo-shim in the AUR that supports a subset of the sudo options (both short and long variants) that have an equivalent in doas, plus option -i (--login).


Para todos todo, para nosotros nada

Offline

#23 2023-02-15 15:25:35

IrreleventIdiot
Member
From: SC
Registered: 2017-01-28
Posts: 35

Re: Any way to avoid sudo now?

@seth noted, thank you.


Yes, I know I spelt "Irrelevant" wrong.

Offline

#24 2023-05-22 20:01:08

Baerbeisser
Member
Registered: 2023-05-22
Posts: 1

Re: Any way to avoid sudo now?

Trilby wrote:

I'd also like to see sudo not be a dependency of base-devel, but I'm not sure what the fuss is about as nothing has changed from an end-user perspective.

I removed sudo because it has a few CVE every year and rdo/ssu is enough for single user instances.
Now i saw the news and reinstalled base-devel and suddenly sudo was there as dependency, which i explicitly removed before. Let's see if all of my ~20 AUR packages goodly request base-devel as dependency or just fail.

The above-referenced "requirement" in the AUR wiki page is not new.  Prior to the change to a package, sudo was still in the base-devel group.  So the "official" requirements on the AUR wiki page was that sudo needed to be installed.  Many of us chose to ignore that official guidance and not install it and still build AUR packages just fine.  So now the official requirements are still to have sudo (among other things) installed; if you chose not to follow that guidance, that's no more or less okay today than it was yesterday.

Are you arguing we should make packages fit the wiki entries?
Just as a reminder, a wiki is for documentation.

Btw, can we sometime talk about the default use of sudo, despite it not fitting the usecase of most Arch installations (sudo being a server adminstration tool)?

Last edited by Baerbeisser (2023-05-22 20:07:57)

Offline

#25 2023-05-22 20:32:37

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 30,330
Website

Re: Any way to avoid sudo now?

Baerbeisser wrote:

Let's see if all of my ~20 AUR packages goodly request base-devel as dependency or just fail.

They will do neither.  They will continue to work exactly the same as they did before this change.

The sky is not falling.  Tinfoil hats are not needed.

Last edited by Trilby (2023-05-22 20:32:53)


"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman

Offline

Board footer

Powered by FluxBB