Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 794493 - dev-ruby/bundler: disable build-in sudo function
Summary: dev-ruby/bundler: disable build-in sudo function
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Ruby Team
Keywords: PATCH
Depends on:
Reported: 2021-06-06 00:31 UTC by Anton Bolshakov
Modified: 2021-06-06 11:53 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

nosudo patch (nosudo.patch,362 bytes, patch)
2021-06-06 00:31 UTC, Anton Bolshakov
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Anton Bolshakov 2021-06-06 00:31:34 UTC
Created attachment 713847 [details, diff]
nosudo patch


Gentoo wants to control all installed packages unconditionally.

bundler has a default build-in function to run sudo "if possible", i.e if a current user has NOPASSWD sudo option. For such users, bunlder will escalate it is privilege from a regular user quietly and install (overwrite) any files installed by portage earlier (/usr/bin, /usr/lib{32/64}/ruby locations. That is an unexpected and almost malicious because it will not even try to ask for password if NOPASSWD option is not configured and will install all packages to a local folder.

There is no option to disable it by default during installation and the upstream seems agreed that it should be removed, see:

I suggest disabling it in Gentoo earlier with a little provided patch.