
From: Sam James <sam@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-admin/sudo/
Date: Tue, 28 Feb 2023 01:30:42
Message-Id: 1677547808.96560b643add254061d9930ca3209a09d65c2dfd.sam@gentoo
1 commit: 96560b643add254061d9930ca3209a09d65c2dfd
2 Author: Sam James <sam <AT> gentoo <DOT> org>
3 AuthorDate: Tue Feb 28 00:01:08 2023 +0000
4 Commit: Sam James <sam <AT> gentoo <DOT> org>
5 CommitDate: Tue Feb 28 01:30:08 2023 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=96560b64
7
8 app-admin/sudo: add 1.9.13_p2
9
10 Signed-off-by: Sam James <sam <AT> gentoo.org>
11
12 app-admin/sudo/Manifest | 2 +
13 app-admin/sudo/sudo-1.9.13_p2.ebuild | 286 +++++++++++++++++++++++++++++++++++
14 2 files changed, 288 insertions(+)
15
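--- a/app-admin/sudo/Manifest
+++ b/app-admin/sudo/Manifest
@@ -8,3 +8,5 @@ DIST sudo-1.9.13.tar.gz 5093583 BLAKE2B a923879920ac5a3c71e6e898ecc9c1194f26ea5e
 DIST sudo-1.9.13.tar.gz.sig 566 BLAKE2B b6761e90025ccb78fe94e8152022fac74b8368b9975a4816ad1a60e9a3a5bb2a89915c55a570c1216e48ba4f1e00b08c86d84cf81e31000079d2e927c8ef5718 SHA512 045211021b12d3f7c3210be388c87a6a90391fe0b24aff567aa05b1d5431f03da852ce93e0eddc53fe3cabb5cafd46331be8f6d82efb367e5d51f46fb5017557
 DIST sudo-1.9.13p1.tar.gz 5096455 BLAKE2B e70545975c7570099100892121ae67686d6daa286d581a25cc0a574335c426e8cc3d5fe611525cb4d939a423cd9e7d836a27fb8d64aedcb79623ab9eb69488ec SHA512 4d19f06c4a592dac9a1a7feca6cc751093151af32313d9d579e2485fc6530a4340ec29cc2892b29dedf2a6aca3e91fb0bbf94bbfb6530f249c58430b83139044
 DIST sudo-1.9.13p1.tar.gz.sig 566 BLAKE2B 4176b56099394bbe78cfeb5846373614fa69d4bd84b446b714ef5d9a36307af71271df725379c3d013856fb077e7af55b377f6ea80e66b896f513a31ff633817 SHA512 df898199133082f4e9dd8e8f6c4c5b973e9d6920080ae72d6bf56247cdf2cb2c4d750b89535467e81d901ca1e09a806fa0618a7ae94ab137ba62f24257e0c4fb
+DIST sudo-1.9.13p2.tar.gz 5098083 BLAKE2B a96198e865c644c79b0879e1a39c9dcc5f9db2164d22fe25804805065a78424dd6ed6f9e0995cad2d0809a1a21957c6a059c6bdbd2ebdf26cfdf5488004d9cb4 SHA512 b3015a114fd518afd644c9934f2461046f1116506723217603af1a952bdb436689761b4d009dfe32b725bad2e0ebcaf19db72febfaa63895ba004256fea12bef
+DIST sudo-1.9.13p2.tar.gz.sig 566 BLAKE2B 60da89c9d76914965e0eb312b40b56a91b215feb880429916740ef89d0bcab38862a4332961e85aa0cf2ecc4af8f08b7f0f28ff736f2dab97a8d2b5d907aa876 SHA512 c42d9dcf7287df14e7aa6c12e5ea3a839058873859f6fdb3c5a743cd11c21d30f41958a807a0a503f8805b957dfcba57383f953b4c544334333dde5e1757a543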
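--- /dev/null
+++ b/app-admin/sudo/sudo-1.9.13_p2.ebuild
@@ -0,0 +1,286 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit pam libtool tmpfiles toolchain-funcs
+
+MY_P="${P/_/}"
+MY_P="${MY_P/beta/b}"
+
+DESCRIPTION="Allows users or groups to run commands as other users"
+HOMEPAGE="https://www.sudo.ws/"
+
+if [[ ${PV} == 9999 ]] ; then
+ inherit mercurial
+ EHG_REPO_URI="https://www.sudo.ws/repos/sudo"
+else
+ VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/sudo.ws.asc
+ inherit verify-sig
+
+ uri_prefix=
+ case ${P} in
+ *_beta*|*_rc*) uri_prefix=beta/ ;;
+ esac
+
+ SRC_URI="
+ https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
+ ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz
+ verify-sig? (
+ https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz.sig
+ ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz.sig
+ )
+ "
+
+ if [[ ${PV} != *_beta* && ${PV} != *_rc* ]] ; then
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~sparc-solaris"
+ fi
+
+ BDEPEND+="verify-sig? ( sec-keys/openpgp-keys-sudo )"
+fi
+
+S="${WORKDIR}/${MY_P}"
+
+# Basic license is ISC-style as-is, some files are released under
+# 3-clause BSD license
+LICENSE="ISC BSD"
+SLOT="0"
+IUSE="gcrypt ldap nls offensive pam sasl +secure-path selinux +sendmail skey ssl sssd"
+
+DEPEND="
+ sys-libs/zlib:=
+ virtual/libcrypt:=
+ gcrypt? ( dev-libs/libgcrypt:= )
+ ldap? (
+ >=net-nds/openldap-2.1.30-r1:=
+ sasl? (
+ dev-libs/cyrus-sasl
+ net-nds/openldap:=[sasl]
+ )
+ )
+ pam? ( sys-libs/pam )
+ sasl? ( dev-libs/cyrus-sasl )
+ selinux? ( sys-libs/libselinux )
+ skey? ( >=sys-auth/skey-1.1.5-r1 )
+ ssl? ( dev-libs/openssl:0= )
+ sssd? ( sys-auth/sssd[sudo] )
+"
+RDEPEND="
+ ${DEPEND}
+ >=app-misc/editor-wrapper-3
+ virtual/editor
+ ldap? ( dev-lang/perl )
+ pam? ( sys-auth/pambase )
+ selinux? ( sec-policy/selinux-sudo )
+ sendmail? ( virtual/mta )
+"
+BDEPEND+="
+ sys-devel/bison
+ virtual/pkgconfig
+"
+
+REQUIRED_USE="
+ ?? ( pam skey )
+ ?? ( gcrypt ssl )
+"
+
+MAKEOPTS+=" SAMPLES="
+
+src_prepare() {
+ default
+
+ elibtoolize
+}
+
+set_secure_path() {
+ # First extract the default ROOTPATH from build env
+ SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; echo "${ROOTPATH}")
+
+ case "${SECURE_PATH}" in
+ */usr/sbin*)
+ ;;
+ *)
+ SECURE_PATH=$(unset PATH; . "${EPREFIX}"/etc/profile.env; echo "${PATH}")
+ ;;
+ esac
+
+ if [[ -z ${SECURE_PATH} ]] ; then
+ ewarn " Failed to detect SECURE_PATH, please report this"
+ fi
+
+ # Then remove duplicate path entries
+ cleanpath() {
+ local newpath thisp IFS=:
+ for thisp in $1 ; do
+ if [[ :${newpath}: != *:${thisp}:* ]] ; then
+ newpath+=:${thisp}
+ else
+ einfo " Duplicate entry ${thisp} removed..."
+ fi
+ done
+ SECURE_PATH=${newpath#:}
+ }
+ cleanpath /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}}
+
+ # Finally, strip gcc paths, bug #136027
+ rmpath() {
+ local e newpath thisp IFS=:
+ for thisp in ${SECURE_PATH} ; do
+ for e ; do
+ [[ ${thisp} == ${e} ]] && continue 2 ;
+ done
+ newpath+=:${thisp}
+ done
+ SECURE_PATH=${newpath#:}
+ }
+ rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'
+}
+
+src_configure() {
+ local SECURE_PATH
+
+ set_secure_path
+
+ # bug #767712
+ tc-export PKG_CONFIG
+
+ # - audit: somebody got to explain me how I can test this before I
+ # enable it.. - Diego
+ # - plugindir: autoconf code is crappy and does not delay evaluation
+ # until `make` time, so we have to use a full path here rather than
+ # basing off other values.
+ local myeconfargs=(
+ # We set all of the relevant options by ourselves (patched
+ # into the toolchain) and setting these in the build system
+ # actually causes a downgrade when using e.g. -D_FORTIFY_SOURCE=3
+ # (it'll downgrade to =2). So, this has no functional effect on
+ # the hardening for users. It's safe.
+ --disable-hardening
+
+ # requires some python eclass
+ --disable-python
+ --enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d
+ --enable-zlib=system
+ --with-editor="${EPREFIX}"/usr/libexec/editor
+ --with-env-editor
+ --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo
+ --with-rundir="${EPREFIX}"/run/sudo
+ --with-vardir="${EPREFIX}"/var/db/sudo
+ --without-linux-audit
+ --without-opie
+ $(use_enable gcrypt)
+ $(use_enable nls)
+ $(use_enable sasl)
+ $(use_enable ssl openssl)
+ $(use_with ldap)
+ $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo)
+ $(use_with offensive insults)
+ $(use_with offensive all-insults)
+ $(use_with pam)
+ $(use_with pam pam-login)
+ $(use_with secure-path secure-path "${SECURE_PATH}")
+ $(use_with selinux)
+ $(use_with sendmail)
+ $(use_with skey)
+ $(use_with sssd)
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+
+ if use ldap ; then
+ dodoc README.LDAP.md
+
+ cat <<-EOF > "${T}"/ldap.conf.sudo
+ # See ldap.conf(5) and README.LDAP.md for details
+ # This file should only be readable by root
+
+ # supported directives: host, port, ssl, ldap_version
+ # uri, binddn, bindpw, sudoers_base, sudoers_debug
+ # tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}
+ EOF
+
+ if use sasl ; then
+ cat <<-EOF >> "${T}"/ldap.conf.sudo
+
+ # SASL directives: use_sasl, sasl_mech, sasl_auth_id
+ # sasl_secprops, rootuse_sasl, rootsasl_auth_id, krb5_ccname
+ EOF
+ fi
+
+ insinto /etc
+ doins "${T}"/ldap.conf.sudo
+ fperms 0440 /etc/ldap.conf.sudo
+
+ insinto /etc/openldap/schema
+ newins docs/schema.OpenLDAP sudo.schema
+ fi
+
+ if use pam ; then
+ pamd_mimic system-auth sudo auth account session
+ pamd_mimic system-auth sudo-i auth account session
+ fi
+
+ keepdir /var/db/sudo/lectured
+ fperms 0700 /var/db/sudo/lectured
+ # bug #652958
+ fperms 0711 /var/db/sudo
+
+ # Don't install into /run as that is a tmpfs most of the time
+ # (bug #504854)
+ rm -rf "${ED}"/run || die
+
+ # bug #697812
+ find "${ED}" -type f -name "*.la" -delete || die
+}
+
+pkg_postinst() {
+ tmpfiles_process sudo.conf
+
+ # bug #652958
+ local sudo_db="${EROOT}/var/db/sudo"
+ if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then
+ chmod 711 "${sudo_db}" || die
+ fi
+
+ if use ldap ; then
+ ewarn
+ ewarn "sudo uses the ${ROOT}/etc/ldap.conf.sudo file for ldap configuration."
+ ewarn
+ if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then
+ ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
+ ewarn "configured in ${ROOT}/etc/nsswitch.conf."
+ ewarn
+ ewarn "To make use of LDAP, add this line to your ${ROOT}/etc/nsswitch.conf:"
+ ewarn " sudoers: ldap files"
+ ewarn
+ fi
+ fi
+ if use prefix ; then
+ ewarn
+ ewarn "To use sudo on Prefix, you need to change file ownership and permissions"
+ ewarn "with root privileges, as follows:"
+ ewarn
+ ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo"
+ ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"
+ ewarn " # chown root:root ${EPREFIX}/etc/sudoers"
+ ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d"
+ ewarn " # chown root:root ${EPREFIX}/var/db/sudo"
+ ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo"
+ ewarn
+ fi
+
+ elog "To use the -A (askpass) option, you need to install a compatible"
+ elog "password program from the following list. Starred packages will"
+ elog "automatically register for the use with sudo (but will not force"
+ elog "the -A option):"
+ elog ""
+ elog " [*] net-misc/ssh-askpass-fullscreen"
+ elog " net-misc/x11-ssh-askpass"
+ elog ""
+ elog "You can override the choice by setting the SUDO_ASKPASS environmnent"
+ elog "variable to the program you want to use."
+}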
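Review bot: `set_secure_path` passes every entry of the build host's `ROOTPATH`/`PATH` from `${EPREFIX}/etc/profile.env` through to `--with-secure-path` without checking that it is an absolute path; `cleanpath` only removes duplicates and `rmpath` only strips the gcc directories. A relative entry such as `.` would therefore be compiled into sudo's secure_path, which is the one place a relative lookup must not appear, and because the value is fixed at configure time a binary package presumably carries the build host's list to every machine that installs it. The file is normally root-maintained, so this is defence in depth: at the top of the `cleanpath` loop add `[[ ${thisp} == /* ]] || { ewarn " Skipping non-absolute entry ${thisp}" ; continue ; }`. I would also put a comment above `set_secure_path` saying that the result is baked in at build time and is not re-read from `profile.env` later.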