[gentoo-commits] repo/gentoo:master commit in: app-admin/sudo/files/, app-admin/sudo/ - gentoo-commits

From:	David Seifert <soap@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: app-admin/sudo/files/, app-admin/sudo/
Date:	Sat, 15 May 2021 22:15:29
Message-Id:	`1621116875.3ee41e51ea61830f476902cec874a01cb70d384e.soap@gentoo`

1

commit:     3ee41e51ea61830f476902cec874a01cb70d384e

2

Author:     David Seifert <soap <AT> gentoo <DOT> org>

3

AuthorDate: Sat May 15 22:14:35 2021 +0000

4

Commit:     David Seifert <soap <AT> gentoo <DOT> org>

5

CommitDate: Sat May 15 22:14:35 2021 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3ee41e51

7

8

app-admin/sudo: drop 1.9.5_p2-r1

9

10

Signed-off-by: David Seifert <soap <AT> gentoo.org>

11

12

 app-admin/sudo/Manifest                            |   1 -

13

 .../files/sudo-1.9.5_p2-NO_ROOT_MAILER_fix.patch   |  51 ----

14

 app-admin/sudo/sudo-1.9.5_p2-r1.ebuild             | 264 ---------------------

15

 3 files changed, 316 deletions(-)

16

17

diff --git a/app-admin/sudo/Manifest b/app-admin/sudo/Manifest

18

index ed865c663ca..78817b15d37 100644

19

--- a/app-admin/sudo/Manifest

20

+++ b/app-admin/sudo/Manifest

21

@@ -1,3 +1,2 @@

22

-DIST sudo-1.9.5p2.tar.gz 4012277 BLAKE2B 41913887463e4f775564af8d614fb5ed762200aa777dc789ec333842d4f432323474fc952a531fe929b33607cdfbcd18d7fe7470a15d67139deaf855841ed11f SHA512 f0fe914963c31a6f8ab6c86847ff6cdd125bd5a839b27f46dcae03963f4fc413b3d4cca54c1979feb825c8479b44c7df0642c07345c941eecf6f9f1e03ea0e27

23

 DIST sudo-1.9.6p1.tar.gz 4119888 BLAKE2B 02bdb551c46cff11ac56e64937c64e6a29ccd8e0af34ea2f6b33c223bee8f7ad958d0fc3d7ef8ef12bf5bc82565769b923ff112a3f3d6bf6999fa4f6ea55e38e SHA512 632dfe72f04ce9a7a5a7236fcd5c09ce4535e695ced49d24dd848e3a7b1bea7380df44188b9e475af4271069539b5a5816948a98fbb0649ebebaba8b4c4b7745

24

 DIST sudo-1.9.7.tar.gz 4194242 BLAKE2B 5addf9fc0a8fea8ada89f240f827dcec973277f120ad98f7942f8e46e2869c676eaca044b9c46e43dab120efea3413c71e19c30ef5b0d9cc4d9ad8f0413dbffe SHA512 53e9f18f6c0acd4f80c0cd695cd23781310e9edd305d1b3ea19653efa3fd7faba149daef0ba4953615b140a8816bc980c9bd8d28545dd8db98075abf11b63e61

25

26

diff --git a/app-admin/sudo/files/sudo-1.9.5_p2-NO_ROOT_MAILER_fix.patch b/app-admin/sudo/files/sudo-1.9.5_p2-NO_ROOT_MAILER_fix.patch

27

deleted file mode 100644

28

index 7cae441cbcf..00000000000

29

--- a/app-admin/sudo/files/sudo-1.9.5_p2-NO_ROOT_MAILER_fix.patch

30

+++ /dev/null

31

@@ -1,51 +0,0 @@

32

-

33

-# HG changeset patch

34

-# User Todd C. Miller <Todd.Miller@××××.ws>

35

-# Date 1611924154 25200

36

-# Node ID e0d4f196ba027604154f79ddd03a0b90f90c9607

37

-# Parent  cd1c7615e861083e9e9b61d0e0070354e227ea5c

38

-Fix NO_ROOT_MAILER, broken by the eventlog refactor in sudo 1.9.4.

39

-init_eventlog_config() is called immediately after initializing the

40

-Defaults settings, which is before struct sudo_user is setup.  This

41

-adds a call to eventlog_set_mailuid() if NO_ROOT_MAILER is defined

42

-after the invoking user is determined.  Reported by Roman Fiedler.

43

-

44

-diff -r cd1c7615e861 -r e0d4f196ba02 plugins/sudoers/logging.c

45

---- a/plugins/sudoers/logging.c	Tue Dec 08 12:35:21 2020 -0700

46

-+++ b/plugins/sudoers/logging.c	Fri Jan 29 05:42:34 2021 -0700

47

-@@ -786,11 +786,6 @@

48

- init_eventlog_config(void)

49

- {

50

-     int logtype = 0;

51

--#ifdef NO_ROOT_MAILER

52

--    uid_t mailuid = user_uid;

53

--#else

54

--    uid_t mailuid = ROOT_UID;

55

--#endif

56

-     debug_decl(init_eventlog_config, SUDOERS_DEBUG_LOGGING);

57

-

58

-     if (def_syslog)

59

-@@ -805,7 +800,7 @@

60

-     eventlog_set_syslog_alertpri(def_syslog_badpri);

61

-     eventlog_set_syslog_maxlen(def_syslog_maxlen);

62

-     eventlog_set_file_maxlen(def_loglinelen);

63

--    eventlog_set_mailuid(mailuid);

64

-+    eventlog_set_mailuid(ROOT_UID);

65

-     eventlog_set_omit_hostname(!def_log_host);

66

-     eventlog_set_logpath(def_logfile);

67

-     eventlog_set_time_fmt(def_log_year ? "%h %e %T %Y" : "%h %e %T");

68

-diff -r cd1c7615e861 -r e0d4f196ba02 plugins/sudoers/policy.c

69

---- a/plugins/sudoers/policy.c	Tue Dec 08 12:35:21 2020 -0700

70

-+++ b/plugins/sudoers/policy.c	Fri Jan 29 05:42:34 2021 -0700

71

-@@ -518,6 +518,10 @@

72

-     /* Some systems support fexecve() which we use for digest matches. */

73

-     cmnd_fd = -1;

74

-

75

-+#ifdef NO_ROOT_MAILER

76

-+    eventlog_set_mailuid(user_uid);

77

-+#endif

78

-+

79

-     /* Dump settings and user info (XXX - plugin args) */

80

-     for (cur = info->settings; *cur != NULL; cur++)

81

- 	sudo_debug_printf(SUDO_DEBUG_INFO, "settings: %s", *cur);

82

-

83

84

diff --git a/app-admin/sudo/sudo-1.9.5_p2-r1.ebuild b/app-admin/sudo/sudo-1.9.5_p2-r1.ebuild

85

deleted file mode 100644

86

index 8a80098cbc6..00000000000

87

--- a/app-admin/sudo/sudo-1.9.5_p2-r1.ebuild

88

+++ /dev/null

89

@@ -1,264 +0,0 @@

90

-# Copyright 1999-2021 Gentoo Authors

91

-# Distributed under the terms of the GNU General Public License v2

92

-

93

-EAPI=7

94

-

95

-inherit pam multilib libtool systemd tmpfiles toolchain-funcs

96

-

97

-MY_P="${P/_/}"

98

-MY_P="${MY_P/beta/b}"

99

-

100

-DESCRIPTION="Allows users or groups to run commands as other users"

101

-HOMEPAGE="https://www.sudo.ws/"

102

-if [[ ${PV} == "9999" ]] ; then

103

-	inherit mercurial

104

-	EHG_REPO_URI="https://www.sudo.ws/repos/sudo"

105

-else

106

-	uri_prefix=

107

-	case ${P} in

108

-		*_beta*|*_rc*) uri_prefix=beta/ ;;

109

-	esac

110

-

111

-	SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz

112

-		ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"

113

-	if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then

114

-		KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 sparc x86 ~sparc-solaris"

115

-	fi

116

-fi

117

-

118

-# Basic license is ISC-style as-is, some files are released under

119

-# 3-clause BSD license

120

-LICENSE="ISC BSD"

121

-SLOT="0"

122

-IUSE="gcrypt ldap nls offensive pam sasl +secure-path selinux +sendmail skey ssl sssd"

123

-

124

-DEPEND="

125

-	sys-libs/zlib:=

126

-	gcrypt? ( dev-libs/libgcrypt:= )

127

-	ldap? (

128

-		>=net-nds/openldap-2.1.30-r1

129

-		sasl? (

130

-			dev-libs/cyrus-sasl

131

-			net-nds/openldap[sasl]

132

-		)

133

-	)

134

-	pam? ( sys-libs/pam )

135

-	sasl? ( dev-libs/cyrus-sasl )

136

-	skey? ( >=sys-auth/skey-1.1.5-r1 )

137

-	ssl? ( dev-libs/openssl:0= )

138

-	sssd? ( sys-auth/sssd[sudo] )

139

-"

140

-RDEPEND="

141

-	${DEPEND}

142

-	>=app-misc/editor-wrapper-3

143

-	virtual/editor

144

-	ldap? ( dev-lang/perl )

145

-	pam? ( sys-auth/pambase )

146

-	selinux? ( sec-policy/selinux-sudo )

147

-	sendmail? ( virtual/mta )

148

-"

149

-BDEPEND="

150

-	sys-devel/bison

151

-	virtual/pkgconfig

152

-"

153

-

154

-S="${WORKDIR}/${MY_P}"

155

-

156

-REQUIRED_USE="

157

-	?? ( pam skey )

158

-	?? ( gcrypt ssl )

159

-"

160

-

161

-MAKEOPTS+=" SAMPLES="

162

-

163

-PATCHES=(

164

-	"${FILESDIR}/${P}-NO_ROOT_MAILER_fix.patch" #767946

165

-)

166

-

167

-src_prepare() {

168

-	default

169

-	elibtoolize

170

-}

171

-

172

-set_secure_path() {

173

-	# FIXME: secure_path is a compile time setting. using PATH or

174

-	# ROOTPATH is not perfect, env-update may invalidate this, but until it

175

-	# is available as a sudoers setting this will have to do.

176

-	einfo "Setting secure_path ..."

177

-

178

-	# first extract the default ROOTPATH from build env

179

-	SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env;

180

-		echo "${ROOTPATH}")

181

-		case "${SECURE_PATH}" in

182

-			*/usr/sbin*) ;;

183

-			*) SECURE_PATH=$(unset PATH;

184

-				. "${EPREFIX}"/etc/profile.env; echo "${PATH}")

185

-				;;

186

-		esac

187

-	if [[ -z ${SECURE_PATH} ]] ; then

188

-		ewarn "	Failed to detect SECURE_PATH, please report this"

189

-	fi

190

-

191

-	# then remove duplicate path entries

192

-	cleanpath() {

193

-		local newpath thisp IFS=:

194

-		for thisp in $1 ; do

195

-			if [[ :${newpath}: != *:${thisp}:* ]] ; then

196

-				newpath+=:${thisp}

197

-			else

198

-				einfo "   Duplicate entry ${thisp} removed..."

199

-			fi

200

-		done

201

-		SECURE_PATH=${newpath#:}

202

-	}

203

-	cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}}

204

-

205

-	# finally, strip gcc paths #136027

206

-	rmpath() {

207

-		local e newpath thisp IFS=:

208

-		for thisp in ${SECURE_PATH} ; do

209

-			for e ; do [[ ${thisp} == ${e} ]] && continue 2 ; done

210

-			newpath+=:${thisp}

211

-		done

212

-		SECURE_PATH=${newpath#:}

213

-	}

214

-	rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'

215

-

216

-	einfo "... done"

217

-}

218

-

219

-src_configure() {

220

-	local SECURE_PATH

221

-	set_secure_path

222

-	tc-export PKG_CONFIG #767712

223

-

224

-	# audit: somebody got to explain me how I can test this before I

225

-	# enable it.. - Diego

226

-	# plugindir: autoconf code is crappy and does not delay evaluation

227

-	# until `make` time, so we have to use a full path here rather than

228

-	# basing off other values.

229

-	myeconfargs=(

230

-		# requires some python eclass

231

-		--disable-python

232

-		--enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d

233

-		--enable-zlib=system

234

-		--with-editor="${EPREFIX}"/usr/libexec/editor

235

-		--with-env-editor

236

-		--with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo

237

-		--with-rundir="${EPREFIX}"/run/sudo

238

-		--with-vardir="${EPREFIX}"/var/db/sudo

239

-		--without-linux-audit

240

-		--without-opie

241

-		$(use_enable gcrypt)

242

-		$(use_enable nls)

243

-		$(use_enable sasl)

244

-		$(use_enable ssl openssl)

245

-		$(use_with ldap)

246

-		$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo)

247

-		$(use_with offensive insults)

248

-		$(use_with offensive all-insults)

249

-		$(use_with pam)

250

-		$(use_with pam pam-login)

251

-		$(use_with secure-path secure-path "${SECURE_PATH}")

252

-		$(use_with selinux)

253

-		$(use_with sendmail)

254

-		$(use_with skey)

255

-		$(use_with sssd)

256

-	)

257

-

258

-	econf "${myeconfargs[@]}"

259

-}

260

-

261

-src_install() {

262

-	default

263

-

264

-	if use ldap ; then

265

-		dodoc README.LDAP

266

-

267

-		cat <<-EOF > "${T}"/ldap.conf.sudo

268

-		# See ldap.conf(5) and README.LDAP for details

269

-		# This file should only be readable by root

270

-

271

-		# supported directives: host, port, ssl, ldap_version

272

-		# uri, binddn, bindpw, sudoers_base, sudoers_debug

273

-		# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}

274

-		EOF

275

-

276

-		if use sasl ; then

277

-			cat <<-EOF >> "${T}"/ldap.conf.sudo

278

-

279

-			# SASL directives: use_sasl, sasl_mech, sasl_auth_id

280

-			# sasl_secprops, rootuse_sasl, rootsasl_auth_id, krb5_ccname

281

-			EOF

282

-		fi

283

-

284

-		insinto /etc

285

-		doins "${T}"/ldap.conf.sudo

286

-		fperms 0440 /etc/ldap.conf.sudo

287

-

288

-		insinto /etc/openldap/schema

289

-		newins doc/schema.OpenLDAP sudo.schema

290

-	fi

291

-	if use pam; then

292

-		pamd_mimic system-auth sudo auth account session

293

-		pamd_mimic system-auth sudo-i auth account session

294

-	fi

295

-

296

-	keepdir /var/db/sudo/lectured

297

-	fperms 0700 /var/db/sudo/lectured

298

-	fperms 0711 /var/db/sudo #652958

299

-

300

-	# Don't install into /run as that is a tmpfs most of the time

301

-	# (bug #504854)

302

-	rm -rf "${ED}"/run || die

303

-

304

-	find "${ED}" -type f -name "*.la" -delete || die #697812

305

-}

306

-

307

-pkg_postinst() {

308

-	tmpfiles_process sudo.conf

309

-

310

-	#652958

311

-	local sudo_db="${EROOT}/var/db/sudo"

312

-	if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then

313

-		chmod 711 "${sudo_db}" || die

314

-	fi

315

-

316

-	if use ldap ; then

317

-		ewarn

318

-		ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."

319

-		ewarn

320

-		if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then

321

-			ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"

322

-			ewarn "configured in /etc/nsswitch.conf."

323

-			ewarn

324

-			ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:"

325

-			ewarn "  sudoers: ldap files"

326

-			ewarn

327

-		fi

328

-	fi

329

-	if use prefix ; then

330

-		ewarn

331

-		ewarn "To use sudo, you need to change file ownership and permissions"

332

-		ewarn "with root privileges, as follows:"

333

-		ewarn

334

-		ewarn "  # chown root:root ${EPREFIX}/usr/bin/sudo"

335

-		ewarn "  # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"

336

-		ewarn "  # chown root:root ${EPREFIX}/etc/sudoers"

337

-		ewarn "  # chown root:root ${EPREFIX}/etc/sudoers.d"

338

-		ewarn "  # chown root:root ${EPREFIX}/var/db/sudo"

339

-		ewarn "  # chmod 4111 ${EPREFIX}/usr/bin/sudo"

340

-		ewarn

341

-	fi

342

-

343

-	elog "To use the -A (askpass) option, you need to install a compatible"

344

-	elog "password program from the following list. Starred packages will"

345

-	elog "automatically register for the use with sudo (but will not force"

346

-	elog "the -A option):"

347

-	elog ""

348

-	elog " [*] net-misc/ssh-askpass-fullscreen"

349

-	elog "     net-misc/x11-ssh-askpass"

350

-	elog ""

351

-	elog "You can override the choice by setting the SUDO_ASKPASS environmnent"

352

-	elog "variable to the program you want to use."

353

-}

1	commit: 3ee41e51ea61830f476902cec874a01cb70d384e
2	Author: David Seifert <soap <AT> gentoo <DOT> org>
3	AuthorDate: Sat May 15 22:14:35 2021 +0000
4	Commit: David Seifert <soap <AT> gentoo <DOT> org>
5	CommitDate: Sat May 15 22:14:35 2021 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3ee41e51
7
8	app-admin/sudo: drop 1.9.5_p2-r1
9
10	Signed-off-by: David Seifert <soap <AT> gentoo.org>
11
12	app-admin/sudo/Manifest \| 1 -
13	.../files/sudo-1.9.5_p2-NO_ROOT_MAILER_fix.patch \| 51 ----
14	app-admin/sudo/sudo-1.9.5_p2-r1.ebuild \| 264 ---------------------
15	3 files changed, 316 deletions(-)
16
17	diff --git a/app-admin/sudo/Manifest b/app-admin/sudo/Manifest
18	index ed865c663ca..78817b15d37 100644
19	--- a/app-admin/sudo/Manifest
20	+++ b/app-admin/sudo/Manifest
21	@@ -1,3 +1,2 @@
22	-DIST sudo-1.9.5p2.tar.gz 4012277 BLAKE2B 41913887463e4f775564af8d614fb5ed762200aa777dc789ec333842d4f432323474fc952a531fe929b33607cdfbcd18d7fe7470a15d67139deaf855841ed11f SHA512 f0fe914963c31a6f8ab6c86847ff6cdd125bd5a839b27f46dcae03963f4fc413b3d4cca54c1979feb825c8479b44c7df0642c07345c941eecf6f9f1e03ea0e27
23	DIST sudo-1.9.6p1.tar.gz 4119888 BLAKE2B 02bdb551c46cff11ac56e64937c64e6a29ccd8e0af34ea2f6b33c223bee8f7ad958d0fc3d7ef8ef12bf5bc82565769b923ff112a3f3d6bf6999fa4f6ea55e38e SHA512 632dfe72f04ce9a7a5a7236fcd5c09ce4535e695ced49d24dd848e3a7b1bea7380df44188b9e475af4271069539b5a5816948a98fbb0649ebebaba8b4c4b7745
24	DIST sudo-1.9.7.tar.gz 4194242 BLAKE2B 5addf9fc0a8fea8ada89f240f827dcec973277f120ad98f7942f8e46e2869c676eaca044b9c46e43dab120efea3413c71e19c30ef5b0d9cc4d9ad8f0413dbffe SHA512 53e9f18f6c0acd4f80c0cd695cd23781310e9edd305d1b3ea19653efa3fd7faba149daef0ba4953615b140a8816bc980c9bd8d28545dd8db98075abf11b63e61
25
26	diff --git a/app-admin/sudo/files/sudo-1.9.5_p2-NO_ROOT_MAILER_fix.patch b/app-admin/sudo/files/sudo-1.9.5_p2-NO_ROOT_MAILER_fix.patch
27	deleted file mode 100644
28	index 7cae441cbcf..00000000000
29	--- a/app-admin/sudo/files/sudo-1.9.5_p2-NO_ROOT_MAILER_fix.patch
30	+++ /dev/null
31	@@ -1,51 +0,0 @@
32	-
33	-# HG changeset patch
34	-# User Todd C. Miller <Todd.Miller@××××.ws>
35	-# Date 1611924154 25200
36	-# Node ID e0d4f196ba027604154f79ddd03a0b90f90c9607
37	-# Parent cd1c7615e861083e9e9b61d0e0070354e227ea5c
38	-Fix NO_ROOT_MAILER, broken by the eventlog refactor in sudo 1.9.4.
39	-init_eventlog_config() is called immediately after initializing the
40	-Defaults settings, which is before struct sudo_user is setup. This
41	-adds a call to eventlog_set_mailuid() if NO_ROOT_MAILER is defined
42	-after the invoking user is determined. Reported by Roman Fiedler.
43	-
44	-diff -r cd1c7615e861 -r e0d4f196ba02 plugins/sudoers/logging.c
45	---- a/plugins/sudoers/logging.c Tue Dec 08 12:35:21 2020 -0700
46	-+++ b/plugins/sudoers/logging.c Fri Jan 29 05:42:34 2021 -0700
47	-@@ -786,11 +786,6 @@
48	- init_eventlog_config(void)
49	- {
50	- int logtype = 0;
51	--#ifdef NO_ROOT_MAILER
52	-- uid_t mailuid = user_uid;
53	--#else
54	-- uid_t mailuid = ROOT_UID;
55	--#endif
56	- debug_decl(init_eventlog_config, SUDOERS_DEBUG_LOGGING);
57	-
58	- if (def_syslog)
59	-@@ -805,7 +800,7 @@
60	- eventlog_set_syslog_alertpri(def_syslog_badpri);
61	- eventlog_set_syslog_maxlen(def_syslog_maxlen);
62	- eventlog_set_file_maxlen(def_loglinelen);
63	-- eventlog_set_mailuid(mailuid);
64	-+ eventlog_set_mailuid(ROOT_UID);
65	- eventlog_set_omit_hostname(!def_log_host);
66	- eventlog_set_logpath(def_logfile);
67	- eventlog_set_time_fmt(def_log_year ? "%h %e %T %Y" : "%h %e %T");
68	-diff -r cd1c7615e861 -r e0d4f196ba02 plugins/sudoers/policy.c
69	---- a/plugins/sudoers/policy.c Tue Dec 08 12:35:21 2020 -0700
70	-+++ b/plugins/sudoers/policy.c Fri Jan 29 05:42:34 2021 -0700
71	-@@ -518,6 +518,10 @@
72	- /* Some systems support fexecve() which we use for digest matches. */
73	- cmnd_fd = -1;
74	-
75	-+#ifdef NO_ROOT_MAILER
76	-+ eventlog_set_mailuid(user_uid);
77	-+#endif
78	-+
79	- /* Dump settings and user info (XXX - plugin args) */
80	- for (cur = info->settings; *cur != NULL; cur++)
81	- sudo_debug_printf(SUDO_DEBUG_INFO, "settings: %s", *cur);
82	-
83
84	diff --git a/app-admin/sudo/sudo-1.9.5_p2-r1.ebuild b/app-admin/sudo/sudo-1.9.5_p2-r1.ebuild
85	deleted file mode 100644
86	index 8a80098cbc6..00000000000
87	--- a/app-admin/sudo/sudo-1.9.5_p2-r1.ebuild
88	+++ /dev/null
89	@@ -1,264 +0,0 @@
90	-# Copyright 1999-2021 Gentoo Authors
91	-# Distributed under the terms of the GNU General Public License v2
92	-
93	-EAPI=7
94	-
95	-inherit pam multilib libtool systemd tmpfiles toolchain-funcs
96	-
97	-MY_P="${P/_/}"
98	-MY_P="${MY_P/beta/b}"
99	-
100	-DESCRIPTION="Allows users or groups to run commands as other users"
101	-HOMEPAGE="https://www.sudo.ws/"
102	-if [[ ${PV} == "9999" ]] ; then
103	- inherit mercurial
104	- EHG_REPO_URI="https://www.sudo.ws/repos/sudo"
105	-else
106	- uri_prefix=
107	- case ${P} in
108	- _beta\|_rc) uri_prefix=beta/ ;;
109	- esac
110	-
111	- SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
112	- ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"
113	- if [[ ${PV} != _beta ]] && [[ ${PV} != _rc ]] ; then
114	- KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 sparc x86 ~sparc-solaris"
115	- fi
116	-fi
117	-
118	-# Basic license is ISC-style as-is, some files are released under
119	-# 3-clause BSD license
120	-LICENSE="ISC BSD"
121	-SLOT="0"
122	-IUSE="gcrypt ldap nls offensive pam sasl +secure-path selinux +sendmail skey ssl sssd"
123	-
124	-DEPEND="
125	- sys-libs/zlib:=
126	- gcrypt? ( dev-libs/libgcrypt:= )
127	- ldap? (
128	- >=net-nds/openldap-2.1.30-r1
129	- sasl? (
130	- dev-libs/cyrus-sasl
131	- net-nds/openldap[sasl]
132	- )
133	- )
134	- pam? ( sys-libs/pam )
135	- sasl? ( dev-libs/cyrus-sasl )
136	- skey? ( >=sys-auth/skey-1.1.5-r1 )
137	- ssl? ( dev-libs/openssl:0= )
138	- sssd? ( sys-auth/sssd[sudo] )
139	-"
140	-RDEPEND="
141	- ${DEPEND}
142	- >=app-misc/editor-wrapper-3
143	- virtual/editor
144	- ldap? ( dev-lang/perl )
145	- pam? ( sys-auth/pambase )
146	- selinux? ( sec-policy/selinux-sudo )
147	- sendmail? ( virtual/mta )
148	-"
149	-BDEPEND="
150	- sys-devel/bison
151	- virtual/pkgconfig
152	-"
153	-
154	-S="${WORKDIR}/${MY_P}"
155	-
156	-REQUIRED_USE="
157	- ?? ( pam skey )
158	- ?? ( gcrypt ssl )
159	-"
160	-
161	-MAKEOPTS+=" SAMPLES="
162	-
163	-PATCHES=(
164	- "${FILESDIR}/${P}-NO_ROOT_MAILER_fix.patch" #767946
165	-)
166	-
167	-src_prepare() {
168	- default
169	- elibtoolize
170	-}
171	-
172	-set_secure_path() {
173	- # FIXME: secure_path is a compile time setting. using PATH or
174	- # ROOTPATH is not perfect, env-update may invalidate this, but until it
175	- # is available as a sudoers setting this will have to do.
176	- einfo "Setting secure_path ..."
177	-
178	- # first extract the default ROOTPATH from build env
179	- SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env;
180	- echo "${ROOTPATH}")
181	- case "${SECURE_PATH}" in
182	- /usr/sbin) ;;
183	- *) SECURE_PATH=$(unset PATH;
184	- . "${EPREFIX}"/etc/profile.env; echo "${PATH}")
185	- ;;
186	- esac
187	- if [[ -z ${SECURE_PATH} ]] ; then
188	- ewarn " Failed to detect SECURE_PATH, please report this"
189	- fi
190	-
191	- # then remove duplicate path entries
192	- cleanpath() {
193	- local newpath thisp IFS=:
194	- for thisp in $1 ; do
195	- if [[ :${newpath}: != :${thisp}: ]] ; then
196	- newpath+=:${thisp}
197	- else
198	- einfo " Duplicate entry ${thisp} removed..."
199	- fi
200	- done
201	- SECURE_PATH=${newpath#:}
202	- }
203	- cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}}
204	-
205	- # finally, strip gcc paths #136027
206	- rmpath() {
207	- local e newpath thisp IFS=:
208	- for thisp in ${SECURE_PATH} ; do
209	- for e ; do [[ ${thisp} == ${e} ]] && continue 2 ; done
210	- newpath+=:${thisp}
211	- done
212	- SECURE_PATH=${newpath#:}
213	- }
214	- rmpath '/gcc-bin/' '/gnat-gcc-bin/' '/gnat-gcc/'
215	-
216	- einfo "... done"
217	-}
218	-
219	-src_configure() {
220	- local SECURE_PATH
221	- set_secure_path
222	- tc-export PKG_CONFIG #767712
223	-
224	- # audit: somebody got to explain me how I can test this before I
225	- # enable it.. - Diego
226	- # plugindir: autoconf code is crappy and does not delay evaluation
227	- # until `make` time, so we have to use a full path here rather than
228	- # basing off other values.
229	- myeconfargs=(
230	- # requires some python eclass
231	- --disable-python
232	- --enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d
233	- --enable-zlib=system
234	- --with-editor="${EPREFIX}"/usr/libexec/editor
235	- --with-env-editor
236	- --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo
237	- --with-rundir="${EPREFIX}"/run/sudo
238	- --with-vardir="${EPREFIX}"/var/db/sudo
239	- --without-linux-audit
240	- --without-opie
241	- $(use_enable gcrypt)
242	- $(use_enable nls)
243	- $(use_enable sasl)
244	- $(use_enable ssl openssl)
245	- $(use_with ldap)
246	- $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo)
247	- $(use_with offensive insults)
248	- $(use_with offensive all-insults)
249	- $(use_with pam)
250	- $(use_with pam pam-login)
251	- $(use_with secure-path secure-path "${SECURE_PATH}")
252	- $(use_with selinux)
253	- $(use_with sendmail)
254	- $(use_with skey)
255	- $(use_with sssd)
256	- )
257	-
258	- econf "${myeconfargs[@]}"
259	-}
260	-
261	-src_install() {
262	- default
263	-
264	- if use ldap ; then
265	- dodoc README.LDAP
266	-
267	- cat <<-EOF > "${T}"/ldap.conf.sudo
268	- # See ldap.conf(5) and README.LDAP for details
269	- # This file should only be readable by root
270	-
271	- # supported directives: host, port, ssl, ldap_version
272	- # uri, binddn, bindpw, sudoers_base, sudoers_debug
273	- # tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}
274	- EOF
275	-
276	- if use sasl ; then
277	- cat <<-EOF >> "${T}"/ldap.conf.sudo
278	-
279	- # SASL directives: use_sasl, sasl_mech, sasl_auth_id
280	- # sasl_secprops, rootuse_sasl, rootsasl_auth_id, krb5_ccname
281	- EOF
282	- fi
283	-
284	- insinto /etc
285	- doins "${T}"/ldap.conf.sudo
286	- fperms 0440 /etc/ldap.conf.sudo
287	-
288	- insinto /etc/openldap/schema
289	- newins doc/schema.OpenLDAP sudo.schema
290	- fi
291	- if use pam; then
292	- pamd_mimic system-auth sudo auth account session
293	- pamd_mimic system-auth sudo-i auth account session
294	- fi
295	-
296	- keepdir /var/db/sudo/lectured
297	- fperms 0700 /var/db/sudo/lectured
298	- fperms 0711 /var/db/sudo #652958
299	-
300	- # Don't install into /run as that is a tmpfs most of the time
301	- # (bug #504854)
302	- rm -rf "${ED}"/run \|\| die
303	-
304	- find "${ED}" -type f -name "*.la" -delete \|\| die #697812
305	-}
306	-
307	-pkg_postinst() {
308	- tmpfiles_process sudo.conf
309	-
310	- #652958
311	- local sudo_db="${EROOT}/var/db/sudo"
312	- if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then
313	- chmod 711 "${sudo_db}" \|\| die
314	- fi
315	-
316	- if use ldap ; then
317	- ewarn
318	- ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."
319	- ewarn
320	- if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then
321	- ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
322	- ewarn "configured in /etc/nsswitch.conf."
323	- ewarn
324	- ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:"
325	- ewarn " sudoers: ldap files"
326	- ewarn
327	- fi
328	- fi
329	- if use prefix ; then
330	- ewarn
331	- ewarn "To use sudo, you need to change file ownership and permissions"
332	- ewarn "with root privileges, as follows:"
333	- ewarn
334	- ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo"
335	- ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"
336	- ewarn " # chown root:root ${EPREFIX}/etc/sudoers"
337	- ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d"
338	- ewarn " # chown root:root ${EPREFIX}/var/db/sudo"
339	- ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo"
340	- ewarn
341	- fi
342	-
343	- elog "To use the -A (askpass) option, you need to install a compatible"
344	- elog "password program from the following list. Starred packages will"
345	- elog "automatically register for the use with sudo (but will not force"
346	- elog "the -A option):"
347	- elog ""
348	- elog " [*] net-misc/ssh-askpass-fullscreen"
349	- elog " net-misc/x11-ssh-askpass"
350	- elog ""
351	- elog "You can override the choice by setting the SUDO_ASKPASS environmnent"
352	- elog "variable to the program you want to use."
353	-}

Gentoo Archives: gentoo-commits