From e1df19ee6f5a872791142a8dee34b4299d5b3dfe Mon Sep 17 00:00:00 2001
From: Allan McRae <allan@archlinux.org>
Date: Sun, 5 May 2024 14:27:20 +1000
Subject: [PATCH] makepkg: drop sudo permissions after use

Add the -k parameter to the sudo call to prevent caching of credientials.
This would (potentailly) stop a rogue sudo use within a PKGBUILD.

Signed-off-by: Allan McRae <allan@archlinux.org>
---
 scripts/makepkg.sh.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index e74e987e..bad9f15c 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -241,7 +241,7 @@ run_pacman() {
 				cmd=("${PACMAN_AUTH[@]}" "${cmd[@]}")
 			fi
 		elif type -p sudo >/dev/null; then
-			cmd=(sudo "${cmd[@]}")
+			cmd=(sudo -k "${cmd[@]}")
 		else
 			cmd=(su root -c "$cmdescape")
 		fi