Predefined flows shouldn't attempt to download and compile things, especially not with sudo #387

Closed
expenses opened this issue Mar 17, 2020 · 4 comments

Comments

@expenses

The predefined coverage-kcov flow downloads kcov, builds it and tries to install it with sudo. This is pretty dangerous and is totally unnecessary. It'd be much better to just check if kcov exists in $PATH and just print an error if it doesn't exist.

@sagiegurari
Owner

today it both checks if it exists and also checks for min capabilities (meaning that it's not an old kcov version that is not supported). only if it is old or not installed will it call the sudo installation flow.

i know it feels risky, but the code is open source and you can see exactly what it does so there is a lot of transparency here. also you don't have to allow the sudo and it will just fail.
but i do feel it's really helpful as it sets up everything for you which is not a simple one-liner so i wouldn't want (as a user) to lose it.

@sagiegurari
Owner

by the way, cargo-make also supports tarpaulin and you can change it via env to use that.
for me it's not working well so it's not the default one.

sagiegurari added a commit that referenced this issue Mar 18, 2020
…new environment variable CARGO_MAKE_SUDO_DISABLE #387
@sagiegurari
Owner

@expenses i just pushed a commit which enables to have sudo invocation prevented for non CI envs.
you just need to define the CARGO_MAKE_SUDO_DISABLE env in your makefile and it will try to run kcov without trying to install first.
hope this helps you

@sagiegurari
Owner

i'm closing this one because

  1. just released a new cargo-make version which enables to disable sudo if requested
  2. lack of feedback from OP
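
The behaviour requested in the opening comment (check that kcov is on `$PATH`, otherwise print an error and stop), sketched as an added example; this is not cargo-make's code and not part of the original thread. The function names `resolve_tool` and `run_preinstalled` are hypothetical.

```shell
#!/bin/sh
# Added example: fail-closed lookup of an external tool such as kcov.
# It never downloads, builds, or invokes sudo; it only inspects PATH.

# resolve_tool NAME
# Prints the absolute path of NAME and returns 0 when NAME is an
# executable file reached through an absolute PATH entry.
# Returns 127 when NAME is not found, 126 when NAME resolves to
# something else (shell function, alias, builtin, relative path).
resolve_tool() {
    tool=$1
    resolved=$(command -v "$tool" 2>/dev/null) || {
        echo "error: '$tool' not found in PATH; install it yourself and re-run" >&2
        return 127
    }
    case $resolved in
        /*) ;;  # absolute path: acceptable
        *)
            echo "error: '$tool' resolves to '$resolved', not an absolute path" >&2
            return 126
            ;;
    esac
    if [ ! -f "$resolved" ] || [ ! -x "$resolved" ]; then
        echo "error: '$resolved' is not an executable file" >&2
        return 126
    fi
    printf '%s\n' "$resolved"
}

# run_preinstalled NAME [ARGS...]
# Runs NAME by its resolved absolute path, or fails with the status
# from resolve_tool. There is no install fallback.
run_preinstalled() {
    tool_path=$(resolve_tool "$1") || return $?
    shift
    "$tool_path" "$@"
}

# Usage (constructed): run_preinstalled kcov --version
```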
