diff options
| author |  sommerfeld <sommerfeld@sommerfeld.dev> | 2026-05-13 13:43:31 +0100 |
|---|---|---|
| committer | sommerfeld <sommerfeld@sommerfeld.dev> | 2026-05-13 13:43:31 +0100 |
| commit | eeb3752074edcb110cd3709689e818b57fd2d2fd (patch) | |
| tree | 757dc45a5f840c8b76acf1906868d8e1c4bbbd72 /etc/pacman.conf | |
| parent | 3d263bdbb48e7616a12af26ef094e5a416f9a735 (diff) | |
| download | dotfiles-eeb3752074edcb110cd3709689e818b57fd2d2fd.tar.gz dotfiles-eeb3752074edcb110cd3709689e818b57fd2d2fd.tar.bz2 dotfiles-eeb3752074edcb110cd3709689e818b57fd2d2fd.zip | |
feat(privesc): drop classic sudo via AssumeInstalled
base-devel hard-depends on the sudo package, so without help, pacman
refuses to remove it. The Arch-native fix is pacman.conf's
AssumeInstalled directive: tell pacman to pretend a virtual
sudo=99.0 is installed and base-devel's dep is satisfied without
actually pulling sudo in.
- etc/pacman.conf: AssumeInstalled = sudo=99.0
- bootstrap.sh: after 'just init' (which writes the AssumeInstalled
line and installs sudo-rs), Rns the leftover sudo package so a
fresh install ends up with sudo-rs only.
Also reformat bootstrap.sh and the etc deploy script with the
project's shfmt style (-i 2 -ci -s).
Diffstat (limited to 'etc/pacman.conf')
| -rw-r--r-- | etc/pacman.conf | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/etc/pacman.conf b/etc/pacman.conf index f6e7e64..53b684a 100644 --- a/etc/pacman.conf +++ b/etc/pacman.conf @@ -16,6 +16,10 @@ #GPGDir = /etc/pacman.d/gnupg/ #HookDir = /etc/pacman.d/hooks/ HoldPkg = pacman glibc +# sudo-rs replaces sudo (memory-safe Rust rewrite). base-devel still +# lists sudo as a member, so pretend it's installed to keep pacman +# from pulling it in. See https://wiki.archlinux.org/title/Pacman#Skip_package_from_being_installed_to_system +AssumeInstalled = sudo=99.0 #XferCommand = /usr/bin/curl -L -C - -f -o %o %u #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u #CleanMethod = KeepInstalled |