allow using doas instead of sudo
sudo has its fair share of CVEs and privilege escalation vulnerabilities. OpenBSD
doas is an alternative that's sometimes preferred and is believed to be safer. Note doas made its way into the Alpine
main repo, just like sudo.
Alpine devs don't seem to be fond of sudo. Here are excerpts from #alpine-devel. This is not to be alarmist. I think sudo will probably stay around for some time.
2021-01-26 18:24:58 <jvoisin> https://www.sudo.ws/alerts/unescape_overflow.html
2021-01-26 18:25:01 <jvoisin> https://www.openwall.com/lists/oss-security/2021/01/26/3
2021-01-26 18:26:16 <ikke> ouch
2021-01-26 18:27:02 <jvoisin> don't use sudo :/
2021-01-26 18:27:21 <ikke> I'm switching to doas
[…]
2021-01-26 19:04:20 <ikke> fun times
2021-01-26 19:05:55 <ikke> maybe it's time to demote sudo to community :-)
[…]
2021-01-26 21:55:59 <ddevault> I wrote this on the subject of doas vs sudo: https://paste.sr.ht/~sircmpwn/c6478737cfb459f84e22737f45cd0b6912e52055
[…]
2021-01-26 23:24:13 <Ariadne> ddevault: i think it would be good to deprecate sudo in alpine

2021-06-11 06:02:49 <mps> mine (and not only mine) observation 'at work'. simpler systems/things are more secure than complicated ones
[…]
2021-06-11 06:25:34 <ncopa> mps: indeed. thats why i prefer doas over sudo

Later that month:

2021-06-29 20:50:49 <c705> So when will sudo be removed?
2021-06-29 20:50:54 <ikke> c705: yesterday
2021-06-29 20:51:11 <Ariadne> i mean, i would like sudo to be removed :D
2021-06-29 20:51:15 <MathGeniusJodie> same
2021-06-29 20:51:34 <c705> these are nice ideas, but I don't have alternatives
2021-06-29 20:51:43 <Ariadne> you literally do with sudo
2021-06-29 20:51:46 <Ariadne> it is called `doas`

tl;dr: sudo bad.
We can provide a choice at run time. For example, abuild has some operations that need root; the usual recommended trick is
SUDO=doas abuild …. See https://gitlab.alpinelinux.org/alpine/abuild/-/blob/master/abuild-keygen.in#L11. We can probably use a similar trick for pmbootstrap.
Providing an alternative to sudo would be good. A further step would be not needing root at all for most operations, and that would solve this issue too. See #2052 for the follow-up.
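
A sketch of the run-time choice described above, in Python since pmbootstrap is a Python project. It is an added example, not pmbootstrap or abuild code: the function names, the allowlist, the doas-first fallback order and reading the choice from SUDO (borrowed from the abuild trick) are all assumptions.

```python
import os
import shutil

# Assumption: only these two tools are accepted, tried in this order when
# $SUDO is unset. Any other value of $SUDO is rejected, never executed.
ALLOWED = ("doas", "sudo")


def pick_elevator(env=None, which=shutil.which):
    """Return the elevation tool to use, honouring $SUDO when it is set."""
    env = os.environ if env is None else env
    requested = env.get("SUDO", "").strip()
    if requested:
        # Bare tool names only. Accepting a path or extra arguments would
        # let the environment pick an arbitrary binary to front root commands.
        if requested not in ALLOWED:
            raise ValueError(f"unsupported SUDO value: {requested!r}")
        if which(requested) is None:
            raise FileNotFoundError(f"{requested} set via SUDO but not in PATH")
        return requested
    for tool in ALLOWED:
        if which(tool) is not None:
            return tool
    raise FileNotFoundError("neither doas nor sudo found in PATH")


def as_root(cmd, env=None, which=shutil.which, euid=None):
    """Build the argv that runs cmd as root; no prefix when already root."""
    euid = os.geteuid() if euid is None else euid
    if euid == 0:
        return list(cmd)
    return [pick_elevator(env, which), *cmd]


if __name__ == "__main__":
    # Constructed sample command; prints the argv that would be executed.
    try:
        print(as_root(["apk", "add", "example-package"]))
    except (ValueError, FileNotFoundError) as exc:
        print(f"cannot elevate: {exc}")
```

An explicit but unusable SUDO value fails loudly instead of silently falling back to the other tool, so a user who asked for doas never ends up running sudo without noticing.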