makepkg should giveup sudo powers after installing dependencies
makepkg uses sudo
to install dependencies which usually requires user password. After entering password, the user thinks the build step is done as a regular user. However If the build script uses sudo
(accidentally or maliciously), password is not required again to get root privileges.
sudo -k
would help for this. man
-k, --reset-timestamp
When used without a command, invalidates the user's cached credentials for the current session. The next time sudo is run in the session, a password must be entered if the security policy requires authentication.