Skip to content

Try to detect sudo calls#2682

Merged
jennybc merged 4 commits intomainfrom
avoid-sudo
Mar 13, 2026
Merged

Try to detect sudo calls#2682
jennybc merged 4 commits intomainfrom
avoid-sudo

Conversation

@jennybc
Copy link
Member

@jennybc jennybc commented Mar 13, 2026
edited
Loading

devtools's new use of pak can potentially indirectly execute can_sudo_without_pw(), which is basically doing some pre-checks in case sysreq work is needed. However testing and documenting devtools would never actually need to do such sysreq tasks. We should never tickle sudo this way. The new GHA workflow is intended to make sure this stays fixed.

https://github.com/r-lib/pak/blob/cda86c5ceea65d23f2facb70303347d8e09f4081/src/library/pkgdepends/R/sysreqs.R#L567

jennybc added 3 commits March 13, 2026 14:08
@jennybc
Try to detect sudo calls
678d7a3
@jennybc
Log to a file
7bc873d
@jennybc
pak should never call sudo during R CMD check
f702c33 
We can test and document devtools's use of pak without doing any sysreq stuff, which is what the `sudo` probe relates to.
@jennybc jennybc requested review from Copilot and hadley and removed request for Copilot March 13, 2026 21:48
@jennybc
Copy link
Member Author

jennybc commented Mar 13, 2026

The ❌ shows that we can detect sudo calls. The ✅ shows that we've successfully prevented them.

Screenshot 2026-03-13 at 2 53 08 PM

@jennybc
Copy link
Member Author

jennybc commented Mar 13, 2026

Related: I also opened r-lib/pak#850.

@jennybc jennybc merged commit e915f34 into main Mar 13, 2026
15 checks passed
@jennybc jennybc deleted the avoid-sudo branch March 13, 2026 22:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hadley hadley hadley approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jennybc @hadley