baselayout-2.5 is deprecating ROOTPATH. We should stop using it in the sudo ebuild.
Do we need to source profile.env in the sudo ebuild at all? If we do, we definitely should be using PATH instead of ROOTPATH, especially with baselayout-2.6 and newer. My other concern about sourcing profile.env at build time is that you are reading settings from the build machine, which may not be the machine the package runs on ultimately.
Created attachment 534864
fix-secure-path.patch

This patch does two things. First, it renames the internal variable in the ebuild from ROOTPATH to SECURE_PATH so it is more readable. Second, it checks ROOTPATH for /usr/bin and uses it if this directory is in the setting. Otherwise, it uses PATH.
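
The selection rule described in the comment above (use ROOTPATH when it lists /usr/bin, otherwise PATH), written out as an added shell example; it is not part of fix-secure-path.patch or of the sudo ebuild. The function names, the `export NAME='value'` line format assumed for profile.env, and the step that drops empty or relative entries are assumptions of this example.

```shell
#!/bin/sh
# Added example. Function names are hypothetical and are not taken from the
# sudo ebuild or from fix-secure-path.patch.

# Constructed sample in the "export NAME='value'" form assumed for profile.env.
SAMPLE_ENV="export PATH='/usr/local/bin:/usr/bin:/bin:/opt/bin'
export ROOTPATH='/usr/local/sbin:/usr/sbin:/sbin'"

# env_value NAME: read profile.env text on stdin and print NAME's value.
# The text is parsed, not sourced, so nothing in it is executed.
env_value() {
    sed -n "s/^export $1='\(.*\)'\$/\1/p" | tail -n 1
}

# path_has_dir LIST DIR: succeed only if DIR is an exact colon-separated
# component of LIST (so /opt/usr/bin or /usr/bin-extra do not count).
path_has_dir() {
    case ":$1:" in
        *":$2:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# absolute_only LIST: keep absolute components only. An empty component means
# "current directory" in a path search, so it is dropped with relative ones.
# The body runs in a subshell so IFS and globbing changes do not leak.
absolute_only() (
    out=
    IFS=:
    set -f
    for d in $1; do
        case $d in
            /*) out=${out:+$out:}$d ;;
        esac
    done
    printf '%s\n' "$out"
)

# select_secure_path ROOTPATH PATH: the rule from the comment above.
select_secure_path() {
    if path_has_dir "$1" /usr/bin; then
        absolute_only "$1"
    else
        absolute_only "$2"
    fi
}

# Demo on the constructed sample: ROOTPATH lacks /usr/bin, so PATH is used.
select_secure_path "$(printf '%s\n' "$SAMPLE_ENV" | env_value ROOTPATH)" \
                   "$(printf '%s\n' "$SAMPLE_ENV" | env_value PATH)"
```
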
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=338410442c235bafc7d4b605a3f680618a8b6481

commit 338410442c235bafc7d4b605a3f680618a8b6481
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2018-06-22 21:27:17 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2018-06-22 21:28:15 +0000

    app-admin/sudo: 1.8.23-r1 bump for bug #656802

    This hard codes the secure path in the ebuild instead of attempting to
    read ROOTPATH from profile.env since ROOTPATH is going away.

    Closes: https://bugs.gentoo.org/656802
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 app-admin/sudo/sudo-1.8.23-r1.ebuild | 231 +++++++++++++++++++++++++++++++++++
 1 file changed, 231 insertions(+)