build: `apt-get purge sudo` after using it for sudo= build field

Once `sudo` has been used to execute the commands in sudo=, then it should
be removed from the build VM.  That prevents any other part of the build
from using sudo.  That means that all commands run with `sudo` must be
committed to fdroiddata.git, making them very visible.

closes #424

diff --git a/fdroidserver/build.py b/fdroidserver/build.py
index d83342d50e3b72a0ebaefa5f6dff9cf0be120401..e2866fbd37c946a6ff5349fff4ebbad6239e1b59 100644 (file)
--- a/fdroidserver/build.py
+++ b/fdroidserver/build.py
@@ -414,6 +414,11 @@ def build_local(app, build, vcs, build_dir, output_dir, log_dir, srclib_dir, ext
                 raise BuildException("Error running sudo command for %s:%s" %
                                      (app.id, build.versionName), p.output)
 
+        p = FDroidPopen(['sudo', 'apt-get', '-y', 'purge', 'sudo'])
+        if p.returncode != 0:
+            raise BuildException("Error removing sudo for %s:%s" %
+                                 (app.id, build.versionName), p.output)
+
         log_path = os.path.join(log_dir,
                                 common.get_toolsversion_logname(app, build))
         with open(log_path, 'w') as f: