| Summary: | app-admin/sudo-1.7.2_p1: default editor set in ebuild forces user to have nano installed. | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Arthur D. <spinal.by> |
| Component: | New packages | Assignee: | Diego Elio Pettenò (RETIRED) <flameeyes> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | rob, ulm |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=829917 | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 293985 | ||
| Bug Blocks: | 294651 | ||
| Attachments: | Add USE "vanilla" to sudo package | ||
|
Description
Arthur D.
2009-09-22 20:00:01 UTC
This can be changed by setting the VISUAL variable to /usr/bin/vim (for root) Further experimentation leads me to the conclusion that using sudo visudo doesn't seem to read environment variables, but using sudo su and then visudo works. No idea why though. sudo resets the environment, so the value of EDITOR is lost. But the behaviour can be configured in the sudoers file. See "SUDOERS OPTIONS" in sudoers(5). You'll need to set the parameters "env_keep" and "editor" at least. This would require having an "editor" script and an eselect editor module, but I really don't want to start with this myself… To Diego E. 'Flameeyes' Pettenò:
That was funny, closing that ticket as CANTFIX.
What about changing the string in ebuild:
--with-editor=/bin/nano
to something like this:
--with-editor="${EDITOR}"
Could you please forward the ticket to someone who can make decisions?
Thank you.
(In reply to comment #5) > --with-editor="${EDITOR}" That would mean that the installed package depends on an environment variable defined during build time, which looks wrong to me. And as said in comment #3, the behaviour is fully configurable via /etc/sudoers. The compile-time setting is only used as a last resort. > Could you please forward the ticket to someone who can make decisions? Reassigning to maintainer. Which I already did. By the way you can override the choice at buildtime using EXTRA_ECONF. Sorry for reopening the ticket again. But... (In reply to comment #6) > (In reply to comment #5) > > --with-editor="${EDITOR}" > > That would mean that the installed package depends on an environment variable > defined during build time, which looks wrong to me. You will be surprised, but the package already depends on environment variable. Look at this line: econf --with-secure-path="${ROOTPATH}" That line brings us to ticket #286014 by the way. I don't see any real reason blocking us from setting --with-editor=$EDITOR variable in compile time. That variable is set in /etc/rc.conf by default when you unpack stage3 which is default Gentoo installation. And then it could be changed by eselect editor. Anyway changing that to something like this: --with-editor=/bin/nano to something like this: --with-editor=${EDITOR:-/bin/nano} ... should be considered safe and better default than it is now. Don't you think so? The things now are that the users who prefer other editors over nano are forced to make excessive job when setting sudo. Why should anybody be forced to have nano installed on gentoo system? Where's the freedom all of you are talking about? Why should the user be forced to spend his time searching through manuals and ebuilds of sudo to make the system just work as it should, instead of running simple "emerge sudo", when all variables are set? I don't think I'm the only user who use vim as the default editor. Setting EXTRA_ECONF is not a good approach because it should be done every time sudo is updated. Editing sudoers file is better, but that should be done by every user who doesn't want to mess with nano. Why not just automate this task? That can be done so easily... Please, don't close the ticket for a while. I want to learn your argue first. Thank you. No really, I'm not going to start adding stuff like this; if you want this fixed you really can look into making virtual/editor behave somewhat decently by _providing_ an editor command. Also, note that sudo at runtime _uses_ EDITOR, and only goes back to nano when the variable is unset at runtime. (In reply to comment #10) > Also, note that sudo at runtime _uses_ EDITOR, and only goes back to nano when > the variable is unset at runtime. > Please note, that sudo _DOESN'T_ use EDITOR variable at runtime. Proof? Here're 3 examples: 1) set EDITOR to be /usr/bin/vim 1) Run "sudo dispatch-conf" and use it's editor to merge changes. Runs nano? Surprise! It will run nothing if you did "emerge -c nano" previously 2) Run "sudo etc-update". Go, run internal editor to merge changes. Surprise again!.. 3) Make simple bush script. Something like this: ------------- #!/bin/bash echo $EDITOR ------------- Now run it with "sudo sh <myscript>" Nothing is out! What an interesting behaviour. By the way, is there any other reason not to make this line except YOU ARE nano user? --with-editor=${EDITOR:-/bin/nano} Providing editor command is a really stupid idea IMHO, because many users have more than one editor. And there's already $EDITOR variable set. And if you don't want to add something to ebuild, why not just remove that excessive option --with-editor= from econf? I think visudo is called VIsudo and not nanosudo with a reason. (In reply to comment #11) > Please note, that sudo _DOESN'T_ use EDITOR variable at runtime. It does, if you add the following line to your /etc/sudoers though: Defaults env_keep="EDITOR VISUAL" All this is well-documented in sudo's man page. The *default* editor used by Gentoo *is* nano. Check the stages. And no, I neither use nor have nano installed. And I start to get quite pissed off by your insisting reopening this bug. Finally, I'd like to point out that you're now talking about a _completely_ different issue. By default sudo resets the environment, so yes of course you're going to get the default editor, which, both in stages and in baselayout, *is nano*. You want to use your set EDITOR variable? Add it to env_keep! What about adding this to make default sudoers file respect EDITOR value? Defaults env_keep="EDITOR VISUAL" (In reply to comment #14) > What about adding this to make default sudoers file respect EDITOR value? > > Defaults env_keep="EDITOR VISUAL" Upstream decided _not_ to enable this by default (and the reasons for this are explained at length in sudo's man page), and we normally don't override such decisions unless there's a very good reason. Please don't reopen this bug. I'd like to avoid to restrict it to developers. (In reply to comment #13) > You want to use your set EDITOR variable? Add it to env_keep! > AFAIK, EDITOR is system variable from rc.conf, not user variable. This way it becames a system-wide preset. And for sure portage should respect system-wide preferences. Diego, you do bad things by hardcoding nano into ebuild. This is bad policy. Gentoo is NOT *default* distribution. Gentoo ALWAYS was an meta-distribution. (In reply to comment #16) > (In reply to comment #13) > > You want to use your set EDITOR variable? Add it to env_keep! > > > > AFAIK, EDITOR is system variable from rc.conf, not user variable. This way it > becames a system-wide preset. And for sure portage should respect system-wide > preferences. This is not about portage, it's about sudo, Ulrich explained it very well above so read it. If you think that because you are a fan of <whatever editor> we should lower the security level of sudo then you are wrong. If you don't like like sudo behaves, then you should look for a solution upstream, Gentoo didn't develop sudo. For now, sudo wants a default editor at compile time, and we can only give a sane default, and I really hope you are not expecting that we will set it to vim or emacs. However, and being that said, I guess that it could be considered for the future something like a GENTOO_EDITOR or PORTAGE_EDITOR in the same fashion that VIDEO_CARDS or INPUT_DEVICES in your make.conf, however that would need some thought, since the ebuilds and eclasses would need to be aware of it to push the correct dependencies. In that case, there would be no problem in using --with-editor="${PORTAGE_EDITOR}", I guess. Just a random idea. Actually it's pretty easy: just use one of the many ways to provide per-package environment variables, and set EXTRA_ECONF="--with-editor=/whatever/you/want" to choose your own editor. All this words about upstream and per-package environment is just words and introduced ways don't go the Gentoo Way. Gento way is to get EDITOR variable from /etc/rc.conf, which is system preferences file, and configure sudo with "--with-editor=$(which $EDITOR)" I can't understand why do you tell us about compile-time and upstream when we all already knows it. We just want not to hardcode nano as editor but to go the Gentoo Way. > If you think that because you are a fan of <whatever editor> we > should lower the security level of sudo then you are wrong. Please explain now what security risks are you talking about? If there's at least one real, I will give you my personal apologies for just opening that ticket. > EXTRA_ECONF="--with-editor=/whatever/you/want" Diego, that variable should be set every time when sudo is reinstalled. The user should make manually what should be made automatically. Okay. Now I'm seriously *tired* and *pissed off* and I'm going to say "bye" to politically correctness and politeness. If I hear one of you _again_ come up with "the Gentoo Way" *while not being a Gentoo developer*, I'm going to ask for your bugzilla account to be locked down. I'm _not_ going to change this behaviour. Full stop. Sudo wants a default (which the admin can change in the configuration file), and that default is _the same as provided in baselayout!_ The same editor that _is installed with the damn stages_. You want to change it? You change it with EXTRA_ECONF. Hello, Diego. Sudo developers supposed VI to be the default editor for visudo and many users migrated from other Distributions (where vanilla behaviour was respected at least) to Gentoo without any notification that they might have some issues if they prefer other editors than nano. Why not check if vim binary is in place and ONLY THEN (when it's obviously absent) hardcode the Gentoo Best Award of Choice Editor? Or some elog notification in the end of emerge at least? Created attachment 205815 [details, diff]
Add USE "vanilla" to sudo package
This patch makes sudo to be compiled with default editor
supposed by it's developers if "vanilla" USE flag is set.
Read comment #13 and comment #22 again. EOD, restricting this bug report to devs. u can use $ sudo -E visudo as a workaround. this will not reset the env, and sudo will use your $EDITOR (In reply to comment #4) > This would require having an "editor" script Committed today as app-editors/gentoo-editor. > and an eselect editor module This already exists since some time, see bug 190216. Only ~mips and ~sparc-fbsd keywords missing from new sudo ebuild, so I think we can consider this bug as fixed. |
