fix(privesc): revert bogus AssumeInstalled directive

AssumeInstalled is only a CLI flag (--assume-installed), not a
pacman.conf directive. The line I added was emitting a warning at
every pacman run and didn't actually keep base-devel from pulling
sudo.

Live with sudo installed: /usr/local/bin/sudo (-> sudo-rs) shadows
it via PATH precedence, so the /usr/bin/sudo binary is dead code
on disk. The alternative — maintaining a dummy 'provides=sudo'
package — is more cost than the ~1.5 MB it would save.

Update bootstrap.sh comment to reflect that sudo stays installed.

1 files changed, 5 insertions, 10 deletions

diff --git a/bootstrap.sh b/bootstrap.sh
index 17f7af4..2e5721d 100755
--- a/bootstrap.sh
+++ b/bootstrap.sh
@@ -68,20 +68,15 @@ fi
 
 # 5. run just init — this deploys chezmoi, installs the 'base' meta list
 #    (which pulls in sudo-rs), deploys /etc/sudoers-rs, /etc/pam.d/sudo,
-#    and the AssumeInstalled = sudo line in /etc/pacman.conf, creates
-#    /usr/local/bin/{sudo,su,visudo,sudoedit} symlinks pointing at
-#    sudo-rs, and installs git hooks.
+#    creates /usr/local/bin/{sudo,su,visudo,sudoedit} symlinks pointing
+#    at sudo-rs (PATH precedence shadows /usr/bin/sudo), and installs
+#    git hooks. The classic 'sudo' package stays installed because
+#    base-devel hard-depends on it; that's harmless — the binary is
+#    never invoked once /usr/local/bin/sudo is in place.
 cd "$DOTFILES_DIR"
 log 'running just init'
 just init
 
-# 5b. remove the classic sudo package — base-devel's dependency is
-#     satisfied by the AssumeInstalled = sudo line written above.
-if pacman -Qq sudo >/dev/null 2>&1 && pacman -Qq sudo-rs >/dev/null 2>&1; then
-  log 'removing classic sudo (sudo-rs takes over)'
-  sudo pacman -Rns --noconfirm sudo || warn 'failed to remove sudo; remove it manually later'
-fi
-
 # 6. refresh pacman mirrorlist once via reflector (config deployed by chezmoi)
 log 'refreshing pacman mirrorlist via reflector'
 sudo reflector @/etc/xdg/reflector/reflector.conf \