1 |
commit: 4a56cb83be37bab18e9941f58c226cfce97d08a1 |
2 |
Author: Sam James <sam <AT> gentoo <DOT> org> |
3 |
AuthorDate: Fri Sep 23 00:58:38 2022 +0000 |
4 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
5 |
CommitDate: Fri Sep 23 00:58:38 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4a56cb83 |
7 |
|
8 |
app-admin/sudo: drop 1.9.10-r1, 1.9.11_p2 |
9 |
|
10 |
Signed-off-by: Sam James <sam <AT> gentoo.org> |
11 |
|
12 |
app-admin/sudo/Manifest | 4 - |
13 |
app-admin/sudo/sudo-1.9.10-r1.ebuild | 263 -------------------------------- |
14 |
app-admin/sudo/sudo-1.9.11_p2.ebuild | 281 ----------------------------------- |
15 |
3 files changed, 548 deletions(-) |
16 |
|
17 |
diff --git a/app-admin/sudo/Manifest b/app-admin/sudo/Manifest |
18 |
index 5f2abb112918..fd7558ec2a90 100644 |
19 |
--- a/app-admin/sudo/Manifest |
20 |
+++ b/app-admin/sudo/Manifest |
21 |
@@ -1,6 +1,2 @@ |
22 |
-DIST sudo-1.9.10.tar.gz 4516568 BLAKE2B 94d97379e31b41917616a829cbece3d3fce7dd6ab9d04791b928981c14249c306508298655c19dc59a054ccf7deed4e69e65367cbfe9f6d8b5aba8895cfa6064 SHA512 65cf92b67b64413cb807da8b9602fc90b75e5b30dd1402d682ca36f276a3d6209a8a59c14e463898abc9856bc56263e5ba4bb6d44774f56a2885a9eea4a35375 |
23 |
-DIST sudo-1.9.10.tar.gz.sig 566 BLAKE2B 808919c826faa4f63efc283461f9f2089fd745aaf7462bcc41c505e7f978e7d56307202f96548d95844c99236fec10cada8438b935a1e1b6ea3601ee857d6900 SHA512 4ea0b736783b8e7be47645f770d7684d99c31f901177d3527f1ff78f5126d41592a94d36c67762bf5cb941eed80b9f585637aaa81d7f4920576d31a83f447323 |
24 |
-DIST sudo-1.9.11p2.tar.gz 4825417 BLAKE2B b6b16f17ba8b6d5ab80f5515beebddf21579944376c2b0752111120d9fb6e2c3d3c40c8150a4f1c2c7165fb93e1f9ac3d03f77b0951a6f721e026a175cc948c4 SHA512 ca64ace6b663a61336a2aa45fb96eb585b5075a867e770b0b384aaf015479dfae48847226c83f824372e64f4697454e68c36305f7979f14b662185c284e1da67 |
25 |
-DIST sudo-1.9.11p2.tar.gz.sig 566 BLAKE2B 9ffe8ebf79f3d94c2df4ce18bb811f73854920b262774ef114ed77ff78a2f856765651c0408cd0cd71191b21840fa3c6a73ca7897baa7975dd7b655eead45ab1 SHA512 a452fb875b3f4a05cc8623df18f7b53192b8671cdd8fcdbb9360cc86160b9aadb1148a60f91f106fd381997b91a4dfcf06149f3cb43292284d27997a4d97473f |
26 |
DIST sudo-1.9.11p3.tar.gz 4826520 BLAKE2B f8508f65b514abd9979a11628d8bc0e085b2625993281e7d1f8794a576e88970bda6939d2f2f50d9485f00276970aba3489b19c102eca5625e389c9610f338dd SHA512 ad5c3d623547d1e3016e1a721676fee6d6b7348e77b2c234041e0af40c7220e8934c8c27beef0d12fa6df11708d37de711dacfefc135d26de46abca7f91c55d1 |
27 |
DIST sudo-1.9.11p3.tar.gz.sig 566 BLAKE2B 8caf03b051222f0446eaf333b48563aa18d52acbd9f7e2d880f0a97043df1ec8d25d87cfd7b1b9543ab8f52f5dacff4cf031fe3e6b94593d576d1d351eb05aa4 SHA512 ea728cddbab50746a2cbb8ce6cb55df3def1c5e806a1d91ec6f2d65c8d246079bdb5799b961ab0da1cc2c347a36d93cc00d32c10856141a467b25e1224876e50 |
28 |
|
29 |
diff --git a/app-admin/sudo/sudo-1.9.10-r1.ebuild b/app-admin/sudo/sudo-1.9.10-r1.ebuild |
30 |
deleted file mode 100644 |
31 |
index 2f7cd3f35838..000000000000 |
32 |
--- a/app-admin/sudo/sudo-1.9.10-r1.ebuild |
33 |
+++ /dev/null |
34 |
@@ -1,263 +0,0 @@ |
35 |
-# Copyright 1999-2022 Gentoo Authors |
36 |
-# Distributed under the terms of the GNU General Public License v2 |
37 |
- |
38 |
-EAPI=7 |
39 |
- |
40 |
-inherit pam libtool tmpfiles toolchain-funcs |
41 |
- |
42 |
-MY_P="${P/_/}" |
43 |
-MY_P="${MY_P/beta/b}" |
44 |
- |
45 |
-DESCRIPTION="Allows users or groups to run commands as other users" |
46 |
-HOMEPAGE="https://www.sudo.ws/" |
47 |
-if [[ ${PV} == "9999" ]] ; then |
48 |
- inherit mercurial |
49 |
- EHG_REPO_URI="https://www.sudo.ws/repos/sudo" |
50 |
-else |
51 |
- inherit verify-sig |
52 |
- VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/sudo.ws.asc |
53 |
- BDEPEND+="verify-sig? ( sec-keys/openpgp-keys-sudo )" |
54 |
- |
55 |
- uri_prefix= |
56 |
- case ${P} in |
57 |
- *_beta*|*_rc*) uri_prefix=beta/ ;; |
58 |
- esac |
59 |
- |
60 |
- SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz |
61 |
- ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz |
62 |
- verify-sig? ( |
63 |
- https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz.sig |
64 |
- ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz.sig |
65 |
- )" |
66 |
- if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then |
67 |
- KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~sparc-solaris" |
68 |
- fi |
69 |
-fi |
70 |
- |
71 |
-# Basic license is ISC-style as-is, some files are released under |
72 |
-# 3-clause BSD license |
73 |
-LICENSE="ISC BSD" |
74 |
-SLOT="0" |
75 |
-IUSE="gcrypt ldap nls offensive pam sasl +secure-path selinux +sendmail skey ssl sssd" |
76 |
- |
77 |
-DEPEND=" |
78 |
- sys-libs/zlib:= |
79 |
- virtual/libcrypt:= |
80 |
- gcrypt? ( dev-libs/libgcrypt:= ) |
81 |
- ldap? ( |
82 |
- >=net-nds/openldap-2.1.30-r1:= |
83 |
- sasl? ( |
84 |
- dev-libs/cyrus-sasl |
85 |
- net-nds/openldap:=[sasl] |
86 |
- ) |
87 |
- ) |
88 |
- pam? ( sys-libs/pam ) |
89 |
- sasl? ( dev-libs/cyrus-sasl ) |
90 |
- skey? ( >=sys-auth/skey-1.1.5-r1 ) |
91 |
- ssl? ( dev-libs/openssl:0= ) |
92 |
- sssd? ( sys-auth/sssd[sudo] ) |
93 |
-" |
94 |
-RDEPEND=" |
95 |
- ${DEPEND} |
96 |
- >=app-misc/editor-wrapper-3 |
97 |
- virtual/editor |
98 |
- ldap? ( dev-lang/perl ) |
99 |
- pam? ( sys-auth/pambase ) |
100 |
- selinux? ( sec-policy/selinux-sudo ) |
101 |
- sendmail? ( virtual/mta ) |
102 |
-" |
103 |
-BDEPEND+=" |
104 |
- sys-devel/bison |
105 |
- virtual/pkgconfig |
106 |
-" |
107 |
- |
108 |
-S="${WORKDIR}/${MY_P}" |
109 |
- |
110 |
-REQUIRED_USE=" |
111 |
- ?? ( pam skey ) |
112 |
- ?? ( gcrypt ssl ) |
113 |
-" |
114 |
- |
115 |
-MAKEOPTS+=" SAMPLES=" |
116 |
- |
117 |
-src_prepare() { |
118 |
- default |
119 |
- elibtoolize |
120 |
-} |
121 |
- |
122 |
-set_secure_path() { |
123 |
- # first extract the default ROOTPATH from build env |
124 |
- SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; |
125 |
- echo "${ROOTPATH}") |
126 |
- case "${SECURE_PATH}" in |
127 |
- */usr/sbin*) ;; |
128 |
- *) SECURE_PATH=$(unset PATH; |
129 |
- . "${EPREFIX}"/etc/profile.env; echo "${PATH}") |
130 |
- ;; |
131 |
- esac |
132 |
- if [[ -z ${SECURE_PATH} ]] ; then |
133 |
- ewarn " Failed to detect SECURE_PATH, please report this" |
134 |
- fi |
135 |
- |
136 |
- # then remove duplicate path entries |
137 |
- cleanpath() { |
138 |
- local newpath thisp IFS=: |
139 |
- for thisp in $1 ; do |
140 |
- if [[ :${newpath}: != *:${thisp}:* ]] ; then |
141 |
- newpath+=:${thisp} |
142 |
- else |
143 |
- einfo " Duplicate entry ${thisp} removed..." |
144 |
- fi |
145 |
- done |
146 |
- SECURE_PATH=${newpath#:} |
147 |
- } |
148 |
- cleanpath /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}} |
149 |
- |
150 |
- # finally, strip gcc paths #136027 |
151 |
- rmpath() { |
152 |
- local e newpath thisp IFS=: |
153 |
- for thisp in ${SECURE_PATH} ; do |
154 |
- for e ; do [[ ${thisp} == ${e} ]] && continue 2 ; done |
155 |
- newpath+=:${thisp} |
156 |
- done |
157 |
- SECURE_PATH=${newpath#:} |
158 |
- } |
159 |
- rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*' |
160 |
-} |
161 |
- |
162 |
-src_configure() { |
163 |
- local SECURE_PATH |
164 |
- set_secure_path |
165 |
- tc-export PKG_CONFIG #767712 |
166 |
- |
167 |
- # audit: somebody got to explain me how I can test this before I |
168 |
- # enable it.. - Diego |
169 |
- # plugindir: autoconf code is crappy and does not delay evaluation |
170 |
- # until `make` time, so we have to use a full path here rather than |
171 |
- # basing off other values. |
172 |
- myeconfargs=( |
173 |
- # requires some python eclass |
174 |
- --disable-python |
175 |
- --enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d |
176 |
- --enable-zlib=system |
177 |
- --with-editor="${EPREFIX}"/usr/libexec/editor |
178 |
- --with-env-editor |
179 |
- --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo |
180 |
- --with-rundir="${EPREFIX}"/run/sudo |
181 |
- --with-vardir="${EPREFIX}"/var/db/sudo |
182 |
- --without-linux-audit |
183 |
- --without-opie |
184 |
- $(use_enable gcrypt) |
185 |
- $(use_enable nls) |
186 |
- $(use_enable sasl) |
187 |
- $(use_enable ssl openssl) |
188 |
- $(use_with ldap) |
189 |
- $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) |
190 |
- $(use_with offensive insults) |
191 |
- $(use_with offensive all-insults) |
192 |
- $(use_with pam) |
193 |
- $(use_with pam pam-login) |
194 |
- $(use_with secure-path secure-path "${SECURE_PATH}") |
195 |
- $(use_with selinux) |
196 |
- $(use_with sendmail) |
197 |
- $(use_with skey) |
198 |
- $(use_with sssd) |
199 |
- ) |
200 |
- |
201 |
- econf "${myeconfargs[@]}" |
202 |
-} |
203 |
- |
204 |
-src_install() { |
205 |
- default |
206 |
- |
207 |
- if use ldap ; then |
208 |
- dodoc README.LDAP.md |
209 |
- |
210 |
- cat <<-EOF > "${T}"/ldap.conf.sudo |
211 |
- # See ldap.conf(5) and README.LDAP.md for details |
212 |
- # This file should only be readable by root |
213 |
- |
214 |
- # supported directives: host, port, ssl, ldap_version |
215 |
- # uri, binddn, bindpw, sudoers_base, sudoers_debug |
216 |
- # tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key} |
217 |
- EOF |
218 |
- |
219 |
- if use sasl ; then |
220 |
- cat <<-EOF >> "${T}"/ldap.conf.sudo |
221 |
- |
222 |
- # SASL directives: use_sasl, sasl_mech, sasl_auth_id |
223 |
- # sasl_secprops, rootuse_sasl, rootsasl_auth_id, krb5_ccname |
224 |
- EOF |
225 |
- fi |
226 |
- |
227 |
- insinto /etc |
228 |
- doins "${T}"/ldap.conf.sudo |
229 |
- fperms 0440 /etc/ldap.conf.sudo |
230 |
- |
231 |
- insinto /etc/openldap/schema |
232 |
- newins docs/schema.OpenLDAP sudo.schema |
233 |
- fi |
234 |
- |
235 |
- if use pam; then |
236 |
- pamd_mimic system-auth sudo auth account session |
237 |
- pamd_mimic system-auth sudo-i auth account session |
238 |
- fi |
239 |
- |
240 |
- keepdir /var/db/sudo/lectured |
241 |
- fperms 0700 /var/db/sudo/lectured |
242 |
- fperms 0711 /var/db/sudo #652958 |
243 |
- |
244 |
- # Don't install into /run as that is a tmpfs most of the time |
245 |
- # (bug #504854) |
246 |
- rm -rf "${ED}"/run || die |
247 |
- |
248 |
- find "${ED}" -type f -name "*.la" -delete || die #697812 |
249 |
-} |
250 |
- |
251 |
-pkg_postinst() { |
252 |
- tmpfiles_process sudo.conf |
253 |
- |
254 |
- #652958 |
255 |
- local sudo_db="${EROOT}/var/db/sudo" |
256 |
- if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then |
257 |
- chmod 711 "${sudo_db}" || die |
258 |
- fi |
259 |
- |
260 |
- if use ldap ; then |
261 |
- ewarn |
262 |
- ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration." |
263 |
- ewarn |
264 |
- if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then |
265 |
- ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly" |
266 |
- ewarn "configured in /etc/nsswitch.conf." |
267 |
- ewarn |
268 |
- ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:" |
269 |
- ewarn " sudoers: ldap files" |
270 |
- ewarn |
271 |
- fi |
272 |
- fi |
273 |
- if use prefix ; then |
274 |
- ewarn |
275 |
- ewarn "To use sudo, you need to change file ownership and permissions" |
276 |
- ewarn "with root privileges, as follows:" |
277 |
- ewarn |
278 |
- ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo" |
279 |
- ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so" |
280 |
- ewarn " # chown root:root ${EPREFIX}/etc/sudoers" |
281 |
- ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d" |
282 |
- ewarn " # chown root:root ${EPREFIX}/var/db/sudo" |
283 |
- ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo" |
284 |
- ewarn |
285 |
- fi |
286 |
- |
287 |
- elog "To use the -A (askpass) option, you need to install a compatible" |
288 |
- elog "password program from the following list. Starred packages will" |
289 |
- elog "automatically register for the use with sudo (but will not force" |
290 |
- elog "the -A option):" |
291 |
- elog "" |
292 |
- elog " [*] net-misc/ssh-askpass-fullscreen" |
293 |
- elog " net-misc/x11-ssh-askpass" |
294 |
- elog "" |
295 |
- elog "You can override the choice by setting the SUDO_ASKPASS environmnent" |
296 |
- elog "variable to the program you want to use." |
297 |
-} |
298 |
|
299 |
diff --git a/app-admin/sudo/sudo-1.9.11_p2.ebuild b/app-admin/sudo/sudo-1.9.11_p2.ebuild |
300 |
deleted file mode 100644 |
301 |
index afb8327d1680..000000000000 |
302 |
--- a/app-admin/sudo/sudo-1.9.11_p2.ebuild |
303 |
+++ /dev/null |
304 |
@@ -1,281 +0,0 @@ |
305 |
-# Copyright 1999-2022 Gentoo Authors |
306 |
-# Distributed under the terms of the GNU General Public License v2 |
307 |
- |
308 |
-EAPI=8 |
309 |
- |
310 |
-inherit pam libtool tmpfiles toolchain-funcs |
311 |
- |
312 |
-MY_P="${P/_/}" |
313 |
-MY_P="${MY_P/beta/b}" |
314 |
- |
315 |
-DESCRIPTION="Allows users or groups to run commands as other users" |
316 |
-HOMEPAGE="https://www.sudo.ws/" |
317 |
-if [[ ${PV} == 9999 ]] ; then |
318 |
- inherit mercurial |
319 |
- EHG_REPO_URI="https://www.sudo.ws/repos/sudo" |
320 |
-else |
321 |
- VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/sudo.ws.asc |
322 |
- inherit verify-sig |
323 |
- |
324 |
- uri_prefix= |
325 |
- case ${P} in |
326 |
- *_beta*|*_rc*) uri_prefix=beta/ ;; |
327 |
- esac |
328 |
- |
329 |
- SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz |
330 |
- ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz |
331 |
- verify-sig? ( |
332 |
- https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz.sig |
333 |
- ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz.sig |
334 |
- )" |
335 |
- if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then |
336 |
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~sparc-solaris" |
337 |
- fi |
338 |
- |
339 |
- BDEPEND+="verify-sig? ( sec-keys/openpgp-keys-sudo )" |
340 |
-fi |
341 |
- |
342 |
-# Basic license is ISC-style as-is, some files are released under |
343 |
-# 3-clause BSD license |
344 |
-LICENSE="ISC BSD" |
345 |
-SLOT="0" |
346 |
-IUSE="gcrypt ldap nls offensive pam sasl +secure-path selinux +sendmail skey ssl sssd" |
347 |
- |
348 |
-DEPEND=" |
349 |
- sys-libs/zlib:= |
350 |
- virtual/libcrypt:= |
351 |
- gcrypt? ( dev-libs/libgcrypt:= ) |
352 |
- ldap? ( |
353 |
- >=net-nds/openldap-2.1.30-r1:= |
354 |
- sasl? ( |
355 |
- dev-libs/cyrus-sasl |
356 |
- net-nds/openldap:=[sasl] |
357 |
- ) |
358 |
- ) |
359 |
- pam? ( sys-libs/pam ) |
360 |
- sasl? ( dev-libs/cyrus-sasl ) |
361 |
- skey? ( >=sys-auth/skey-1.1.5-r1 ) |
362 |
- ssl? ( dev-libs/openssl:0= ) |
363 |
- sssd? ( sys-auth/sssd[sudo] ) |
364 |
-" |
365 |
-RDEPEND=" |
366 |
- ${DEPEND} |
367 |
- >=app-misc/editor-wrapper-3 |
368 |
- virtual/editor |
369 |
- ldap? ( dev-lang/perl ) |
370 |
- pam? ( sys-auth/pambase ) |
371 |
- selinux? ( sec-policy/selinux-sudo ) |
372 |
- sendmail? ( virtual/mta ) |
373 |
-" |
374 |
-BDEPEND+=" |
375 |
- sys-devel/bison |
376 |
- virtual/pkgconfig |
377 |
-" |
378 |
- |
379 |
-S="${WORKDIR}/${MY_P}" |
380 |
- |
381 |
-REQUIRED_USE=" |
382 |
- ?? ( pam skey ) |
383 |
- ?? ( gcrypt ssl ) |
384 |
-" |
385 |
- |
386 |
-MAKEOPTS+=" SAMPLES=" |
387 |
- |
388 |
-src_prepare() { |
389 |
- default |
390 |
- |
391 |
- elibtoolize |
392 |
-} |
393 |
- |
394 |
-set_secure_path() { |
395 |
- # First extract the default ROOTPATH from build env |
396 |
- SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; echo "${ROOTPATH}") |
397 |
- |
398 |
- case "${SECURE_PATH}" in |
399 |
- */usr/sbin*) |
400 |
- ;; |
401 |
- *) |
402 |
- SECURE_PATH=$(unset PATH; . "${EPREFIX}"/etc/profile.env; echo "${PATH}") |
403 |
- ;; |
404 |
- esac |
405 |
- |
406 |
- if [[ -z ${SECURE_PATH} ]] ; then |
407 |
- ewarn " Failed to detect SECURE_PATH, please report this" |
408 |
- fi |
409 |
- |
410 |
- # Then remove duplicate path entries |
411 |
- cleanpath() { |
412 |
- local newpath thisp IFS=: |
413 |
- for thisp in $1 ; do |
414 |
- if [[ :${newpath}: != *:${thisp}:* ]] ; then |
415 |
- newpath+=:${thisp} |
416 |
- else |
417 |
- einfo " Duplicate entry ${thisp} removed..." |
418 |
- fi |
419 |
- done |
420 |
- SECURE_PATH=${newpath#:} |
421 |
- } |
422 |
- cleanpath /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}} |
423 |
- |
424 |
- # Finally, strip gcc paths, bug #136027 |
425 |
- rmpath() { |
426 |
- local e newpath thisp IFS=: |
427 |
- for thisp in ${SECURE_PATH} ; do |
428 |
- for e ; do |
429 |
- [[ ${thisp} == ${e} ]] && continue 2 ; |
430 |
- done |
431 |
- newpath+=:${thisp} |
432 |
- done |
433 |
- SECURE_PATH=${newpath#:} |
434 |
- } |
435 |
- rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*' |
436 |
-} |
437 |
- |
438 |
-src_configure() { |
439 |
- local SECURE_PATH |
440 |
- |
441 |
- set_secure_path |
442 |
- |
443 |
- # bug #767712 |
444 |
- tc-export PKG_CONFIG |
445 |
- |
446 |
- # - audit: somebody got to explain me how I can test this before I |
447 |
- # enable it.. - Diego |
448 |
- # - plugindir: autoconf code is crappy and does not delay evaluation |
449 |
- # until `make` time, so we have to use a full path here rather than |
450 |
- # basing off other values. |
451 |
- local myeconfargs=( |
452 |
- # We set all of the relevant options by ourselves (patched |
453 |
- # into the toolchain) and setting these in the build system |
454 |
- # actually causes a downgrade when using e.g. -D_FORTIFY_SOURCE=3 |
455 |
- # (it'll downgrade to =2). So, this has no functional effect on |
456 |
- # the hardening for users. It's safe. |
457 |
- --disable-hardening |
458 |
- |
459 |
- # requires some python eclass |
460 |
- --disable-python |
461 |
- --enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d |
462 |
- --enable-zlib=system |
463 |
- --with-editor="${EPREFIX}"/usr/libexec/editor |
464 |
- --with-env-editor |
465 |
- --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo |
466 |
- --with-rundir="${EPREFIX}"/run/sudo |
467 |
- --with-vardir="${EPREFIX}"/var/db/sudo |
468 |
- --without-linux-audit |
469 |
- --without-opie |
470 |
- $(use_enable gcrypt) |
471 |
- $(use_enable nls) |
472 |
- $(use_enable sasl) |
473 |
- $(use_enable ssl openssl) |
474 |
- $(use_with ldap) |
475 |
- $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) |
476 |
- $(use_with offensive insults) |
477 |
- $(use_with offensive all-insults) |
478 |
- $(use_with pam) |
479 |
- $(use_with pam pam-login) |
480 |
- $(use_with secure-path secure-path "${SECURE_PATH}") |
481 |
- $(use_with selinux) |
482 |
- $(use_with sendmail) |
483 |
- $(use_with skey) |
484 |
- $(use_with sssd) |
485 |
- ) |
486 |
- |
487 |
- econf "${myeconfargs[@]}" |
488 |
-} |
489 |
- |
490 |
-src_install() { |
491 |
- default |
492 |
- |
493 |
- if use ldap ; then |
494 |
- dodoc README.LDAP.md |
495 |
- |
496 |
- cat <<-EOF > "${T}"/ldap.conf.sudo |
497 |
- # See ldap.conf(5) and README.LDAP.md for details |
498 |
- # This file should only be readable by root |
499 |
- |
500 |
- # supported directives: host, port, ssl, ldap_version |
501 |
- # uri, binddn, bindpw, sudoers_base, sudoers_debug |
502 |
- # tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key} |
503 |
- EOF |
504 |
- |
505 |
- if use sasl ; then |
506 |
- cat <<-EOF >> "${T}"/ldap.conf.sudo |
507 |
- |
508 |
- # SASL directives: use_sasl, sasl_mech, sasl_auth_id |
509 |
- # sasl_secprops, rootuse_sasl, rootsasl_auth_id, krb5_ccname |
510 |
- EOF |
511 |
- fi |
512 |
- |
513 |
- insinto /etc |
514 |
- doins "${T}"/ldap.conf.sudo |
515 |
- fperms 0440 /etc/ldap.conf.sudo |
516 |
- |
517 |
- insinto /etc/openldap/schema |
518 |
- newins docs/schema.OpenLDAP sudo.schema |
519 |
- fi |
520 |
- |
521 |
- if use pam ; then |
522 |
- pamd_mimic system-auth sudo auth account session |
523 |
- pamd_mimic system-auth sudo-i auth account session |
524 |
- fi |
525 |
- |
526 |
- keepdir /var/db/sudo/lectured |
527 |
- fperms 0700 /var/db/sudo/lectured |
528 |
- # bug #652958 |
529 |
- fperms 0711 /var/db/sudo |
530 |
- |
531 |
- # Don't install into /run as that is a tmpfs most of the time |
532 |
- # (bug #504854) |
533 |
- rm -rf "${ED}"/run || die |
534 |
- |
535 |
- # bug #697812 |
536 |
- find "${ED}" -type f -name "*.la" -delete || die |
537 |
-} |
538 |
- |
539 |
-pkg_postinst() { |
540 |
- tmpfiles_process sudo.conf |
541 |
- |
542 |
- # bug #652958 |
543 |
- local sudo_db="${EROOT}/var/db/sudo" |
544 |
- if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then |
545 |
- chmod 711 "${sudo_db}" || die |
546 |
- fi |
547 |
- |
548 |
- if use ldap ; then |
549 |
- ewarn |
550 |
- ewarn "sudo uses the ${ROOT}/etc/ldap.conf.sudo file for ldap configuration." |
551 |
- ewarn |
552 |
- if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then |
553 |
- ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly" |
554 |
- ewarn "configured in ${ROOT}/etc/nsswitch.conf." |
555 |
- ewarn |
556 |
- ewarn "To make use of LDAP, add this line to your ${ROOT}/etc/nsswitch.conf:" |
557 |
- ewarn " sudoers: ldap files" |
558 |
- ewarn |
559 |
- fi |
560 |
- fi |
561 |
- if use prefix ; then |
562 |
- ewarn |
563 |
- ewarn "To use sudo on Prefix, you need to change file ownership and permissions" |
564 |
- ewarn "with root privileges, as follows:" |
565 |
- ewarn |
566 |
- ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo" |
567 |
- ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so" |
568 |
- ewarn " # chown root:root ${EPREFIX}/etc/sudoers" |
569 |
- ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d" |
570 |
- ewarn " # chown root:root ${EPREFIX}/var/db/sudo" |
571 |
- ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo" |
572 |
- ewarn |
573 |
- fi |
574 |
- |
575 |
- elog "To use the -A (askpass) option, you need to install a compatible" |
576 |
- elog "password program from the following list. Starred packages will" |
577 |
- elog "automatically register for the use with sudo (but will not force" |
578 |
- elog "the -A option):" |
579 |
- elog "" |
580 |
- elog " [*] net-misc/ssh-askpass-fullscreen" |
581 |
- elog " net-misc/x11-ssh-askpass" |
582 |
- elog "" |
583 |
- elog "You can override the choice by setting the SUDO_ASKPASS environmnent" |
584 |
- elog "variable to the program you want to use." |
585 |
-} |