AUR asks for password on `makepkg`

Hello, please forgive me for sticking my nose where it does not belong, as I am not an Arch user, but it appears like you’re trying to treat ruby gems like a special dependency. You should be asking for the ruby gem module to get put into the system before trying to build your package like any other dependency.

It looks like you are failing at a missing ruby archive-tar-minitar dependency, which is available in the aur at https://aur.archlinux.org/packages/ruby-archive-tar-minitar/.

Additionally, the original issue appears to be an attempt to use bundle install to bypass the package manager and directly install system files from inside Arch’s package builder, which should be a security violation. The expectation should be that all sane package managers do not allow for system files to be changed or written outside of the build sandbox.

The distinction here is that all files to be installed to the system go to a staging folder, and the package manager does all it’s normal sanity checks like checking for file conflicts as well as generating a file manifest so that the package can later be removed. Other dependency managers like ruby’s bundler bypass the package manager and push files into the system without the package manager being involved, which is fine for individual system admin’s to choose to do to their own systems, but not okay for package maintainers to do to other people’s systems.

Finally managed to get an ArchLinux VM running, I can confirm 18.4.0 installs correctly, without asking for root password or filling ~/.bundle. The only thing missing is a dependency on libxss.