[gentoo-commits] repo/gentoo:master commit in: app-admin/sudo/ - gentoo-commits

From:	Lars Wendler <polynomial-c@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: app-admin/sudo/
Date:	Tue, 30 May 2017 15:14:09
Message-Id:	`1496157234.e8ff5b13492accb42e170f35a2638588fe11611a.polynomial-c@gentoo`

1

commit:     e8ff5b13492accb42e170f35a2638588fe11611a

2

Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>

3

AuthorDate: Tue May 30 15:13:54 2017 +0000

4

Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>

5

CommitDate: Tue May 30 15:13:54 2017 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e8ff5b13

7

8

app-admin/sudo: Secbum to version 1.8.20_p1 for CVE-2017-1000367.

9

10

Direct to stable for a critical security vulnerability.

11

12

Package-Manager: Portage-2.3.6, Repoman-2.3.2

13

14

 app-admin/sudo/Manifest              |   1 +

15

 app-admin/sudo/sudo-1.8.20_p1.ebuild | 216 +++++++++++++++++++++++++++++++++++

16

 2 files changed, 217 insertions(+)

17

18

diff --git a/app-admin/sudo/Manifest b/app-admin/sudo/Manifest

19

index 3d929feca2b..1f9157f79d9 100644

20

--- a/app-admin/sudo/Manifest

21

+++ b/app-admin/sudo/Manifest

22

@@ -1,3 +1,4 @@

23

 DIST sudo-1.8.18p1.tar.gz 2822109 SHA256 e5a0471c721281a693025bbde33ebd9d3db43245d83ab8516bbfc23980379434 SHA512 8dceeb5024c4f94fcc15e75fa2fd164af5e0597734f95df43207738b3258c4d396e102faf2b6811e399f1cdbdbf617b87e5bfcc1e591ea6722f45d81d1098fe5 WHIRLPOOL 094c1232517706a6da4a0548f7ab5c0c7b9e12f8ce584db97d0c4793a38c4044538637f2834b9f3104326bd5b4b826d08ab79b1dc2c5b950de7d7f558685ef7b

24

 DIST sudo-1.8.19p2.tar.gz 2861855 SHA256 237e18e67c2ad59ecacfa4b7707198b09fcf84914621585a9bc670dcc31a52e0 SHA512 21c83403e7ff219a273b2c4873be0d858997558ca150bc8239379a9dfcc587fdd7c0c49cdf4cdc27dfd6dd45f9f089fa034b58bfcee07dceb4a481542251b3fc WHIRLPOOL 550ed115ea711d6ba9aa698cd988295b74327dd770d79b6852f9f3f00a1c0420bbdcce5cc7c49467e0cf8a57fc79dbcfc73edaf3ad697e06ba9fd48919fece0b

25

 DIST sudo-1.8.20.tar.gz 2930046 SHA256 9e97b8da859c6cc1b5b8c31db93002b750eae16af1bbda9140f8dd85b970e0e0 SHA512 c8cf640cd75fff88cf7c8b3a54a9a16771a9f24129b5c5787657c24336848c31abb8d8b9bafc7bfceb8f0b1f72112e15f9862b8fc337c1072eea05860f417dee WHIRLPOOL f2e409b18bee01780c21b9d97cdf65a34f763b5f9e380116f77b0d5ab3ddf6f46a80210b1c361e585fb2882ae17433817db7782e9b315b14ea1d7b53bfb0ab2a

26

+DIST sudo-1.8.20p1.tar.gz 2930394 SHA256 9e980eb23a60dd11f0f452e672e705d7a386882bc230c6e8483050e03182db1d SHA512 b7d4c07a550da917029e31d15e734d9462f3565ee43eb5f6fd19463b54a2fa3f444381f0999d6d1ba643b65832056dd9177dad4452fa9f87f2542c223b13f258 WHIRLPOOL 7e652f70782d7c5240fa23198d16d94171510d7eb52df56ee667a3da17c26643257d4304c3bfdb94a77831b904ac1c4d4027f2d1140764ddcd130159a3c3a3d3

27

28

diff --git a/app-admin/sudo/sudo-1.8.20_p1.ebuild b/app-admin/sudo/sudo-1.8.20_p1.ebuild

29

new file mode 100644

30

index 00000000000..621ff50e219

31

--- /dev/null

32

+++ b/app-admin/sudo/sudo-1.8.20_p1.ebuild

33

@@ -0,0 +1,216 @@

34

+# Copyright 1999-2017 Gentoo Foundation

35

+# Distributed under the terms of the GNU General Public License v2

36

+

37

+EAPI=6

38

+

39

+inherit eutils pam multilib libtool

40

+

41

+MY_P=${P/_/}

42

+MY_P=${MY_P/beta/b}

43

+

44

+uri_prefix=

45

+case ${P} in

46

+	*_beta*|*_rc*) uri_prefix=beta/ ;;

47

+esac

48

+

49

+DESCRIPTION="Allows users or groups to run commands as other users"

50

+HOMEPAGE="http://www.sudo.ws/"

51

+SRC_URI="http://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz

52

+	ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"

53

+

54

+# Basic license is ISC-style as-is, some files are released under

55

+# 3-clause BSD license

56

+LICENSE="ISC BSD"

57

+SLOT="0"

58

+if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then

59

+	KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~sparc-solaris"

60

+fi

61

+IUSE="gcrypt ldap nls pam offensive openssl selinux skey +sendmail"

62

+

63

+CDEPEND="

64

+	gcrypt? ( dev-libs/libgcrypt:= )

65

+	openssl? ( dev-libs/openssl:0= )

66

+	pam? ( virtual/pam )

67

+	skey? ( >=sys-auth/skey-1.1.5-r1 )

68

+	ldap? (

69

+		>=net-nds/openldap-2.1.30-r1

70

+		dev-libs/cyrus-sasl

71

+	)

72

+	sys-libs/zlib

73

+"

74

+RDEPEND="

75

+	${CDEPEND}

76

+	selinux? ( sec-policy/selinux-sudo )

77

+	ldap? ( dev-lang/perl )

78

+	pam? ( sys-auth/pambase )

79

+	>=app-misc/editor-wrapper-3

80

+	virtual/editor

81

+	sendmail? ( virtual/mta )

82

+"

83

+DEPEND="

84

+	${CDEPEND}

85

+	sys-devel/bison

86

+"

87

+

88

+S="${WORKDIR}/${MY_P}"

89

+

90

+REQUIRED_USE="

91

+	pam? ( !skey )

92

+	skey? ( !pam )

93

+	?? ( gcrypt openssl )

94

+"

95

+

96

+MAKEOPTS+=" SAMPLES="

97

+

98

+src_prepare() {

99

+	default

100

+	elibtoolize

101

+}

102

+

103

+set_rootpath() {

104

+	# FIXME: secure_path is a compile time setting. using ROOTPATH

105

+	# is not perfect, env-update may invalidate this, but until it

106

+	# is available as a sudoers setting this will have to do.

107

+	einfo "Setting secure_path ..."

108

+

109

+	# first extract the default ROOTPATH from build env

110

+	ROOTPATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; echo "${ROOTPATH}")

111

+	if [[ -z ${ROOTPATH} ]] ; then

112

+		ewarn "	Failed to find ROOTPATH, please report this"

113

+	fi

114

+

115

+	# then remove duplicate path entries

116

+	cleanpath() {

117

+		local newpath thisp IFS=:

118

+		for thisp in $1 ; do

119

+			if [[ :${newpath}: != *:${thisp}:* ]] ; then

120

+				newpath+=:$thisp

121

+			else

122

+				einfo "   Duplicate entry ${thisp} removed..."

123

+			fi

124

+		done

125

+		ROOTPATH=${newpath#:}

126

+	}

127

+	cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}}

128

+

129

+	# finally, strip gcc paths #136027

130

+	rmpath() {

131

+		local e newpath thisp IFS=:

132

+		for thisp in ${ROOTPATH} ; do

133

+			for e ; do [[ $thisp == $e ]] && continue 2 ; done

134

+			newpath+=:$thisp

135

+		done

136

+		ROOTPATH=${newpath#:}

137

+	}

138

+	rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'

139

+

140

+	einfo "... done"

141

+}

142

+

143

+src_configure() {

144

+	local ROOTPATH

145

+	set_rootpath

146

+

147

+	# audit: somebody got to explain me how I can test this before I

148

+	# enable it.. - Diego

149

+	# plugindir: autoconf code is crappy and does not delay evaluation

150

+	# until `make` time, so we have to use a full path here rather than

151

+	# basing off other values.

152

+	myeconfargs=(

153

+		--enable-zlib=system

154

+		--with-editor="${EPREFIX}"/usr/libexec/editor

155

+		--with-env-editor

156

+		--with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo

157

+		--with-rundir="${EPREFIX}"/var/run/sudo

158

+		--with-secure-path="${ROOTPATH}"

159

+		--with-vardir="${EPREFIX}"/var/db/sudo

160

+		--without-linux-audit

161

+		--without-opie

162

+		$(use_enable gcrypt)

163

+		$(use_enable nls)

164

+		$(use_enable openssl)

165

+		$(use_with offensive insults)

166

+		$(use_with offensive all-insults)

167

+		$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo)

168

+		$(use_with ldap)

169

+		$(use_with pam)

170

+		$(use_with skey)

171

+		$(use_with selinux)

172

+		$(use_with sendmail)

173

+	)

174

+	econf "${myeconfargs[@]}"

175

+}

176

+

177

+src_install() {

178

+	default

179

+

180

+	if use ldap ; then

181

+		dodoc README.LDAP

182

+		dosbin plugins/sudoers/sudoers2ldif

183

+

184

+		cat <<-EOF > "${T}"/ldap.conf.sudo

185

+		# See ldap.conf(5) and README.LDAP for details

186

+		# This file should only be readable by root

187

+

188

+		# supported directives: host, port, ssl, ldap_version

189

+		# uri, binddn, bindpw, sudoers_base, sudoers_debug

190

+		# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}

191

+		EOF

192

+

193

+		insinto /etc

194

+		doins "${T}"/ldap.conf.sudo

195

+		fperms 0440 /etc/ldap.conf.sudo

196

+

197

+		insinto /etc/openldap/schema

198

+		newins doc/schema.OpenLDAP sudo.schema

199

+	fi

200

+

201

+	pamd_mimic system-auth sudo auth account session

202

+

203

+	keepdir /var/db/sudo

204

+	fperms 0700 /var/db/sudo

205

+

206

+	# Don't install into /var/run as that is a tmpfs most of the time

207

+	# (bug #504854)

208

+	rm -rf "${D}"/var/run

209

+}

210

+

211

+pkg_postinst() {

212

+	if use ldap ; then

213

+		ewarn

214

+		ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."

215

+		ewarn

216

+		if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then

217

+			ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"

218

+			ewarn "configured in /etc/nsswitch.conf."

219

+			ewarn

220

+			ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:"

221

+			ewarn "  sudoers: ldap files"

222

+			ewarn

223

+		fi

224

+	fi

225

+	if use prefix ; then

226

+		ewarn

227

+		ewarn "To use sudo, you need to change file ownership and permissions"

228

+		ewarn "with root privileges, as follows:"

229

+		ewarn

230

+		ewarn "  # chown root:root ${EPREFIX}/usr/bin/sudo"

231

+		ewarn "  # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"

232

+		ewarn "  # chown root:root ${EPREFIX}/etc/sudoers"

233

+		ewarn "  # chown root:root ${EPREFIX}/etc/sudoers.d"

234

+		ewarn "  # chown root:root ${EPREFIX}/var/db/sudo"

235

+		ewarn "  # chmod 4111 ${EPREFIX}/usr/bin/sudo"

236

+		ewarn

237

+	fi

238

+

239

+	elog "To use the -A (askpass) option, you need to install a compatible"

240

+	elog "password program from the following list. Starred packages will"

241

+	elog "automatically register for the use with sudo (but will not force"

242

+	elog "the -A option):"

243

+	elog ""

244

+	elog " [*] net-misc/ssh-askpass-fullscreen"

245

+	elog "     net-misc/x11-ssh-askpass"

246

+	elog ""

247

+	elog "You can override the choice by setting the SUDO_ASKPASS environmnent"

248

+	elog "variable to the program you want to use."

249

+}

1	commit: e8ff5b13492accb42e170f35a2638588fe11611a
2	Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
3	AuthorDate: Tue May 30 15:13:54 2017 +0000
4	Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
5	CommitDate: Tue May 30 15:13:54 2017 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e8ff5b13
7
8	app-admin/sudo: Secbum to version 1.8.20_p1 for CVE-2017-1000367.
9
10	Direct to stable for a critical security vulnerability.
11
12	Package-Manager: Portage-2.3.6, Repoman-2.3.2
13
14	app-admin/sudo/Manifest \| 1 +
15	app-admin/sudo/sudo-1.8.20_p1.ebuild \| 216 +++++++++++++++++++++++++++++++++++
16	2 files changed, 217 insertions(+)
17
18	diff --git a/app-admin/sudo/Manifest b/app-admin/sudo/Manifest
19	index 3d929feca2b..1f9157f79d9 100644
20	--- a/app-admin/sudo/Manifest
21	+++ b/app-admin/sudo/Manifest
22	@@ -1,3 +1,4 @@
23	DIST sudo-1.8.18p1.tar.gz 2822109 SHA256 e5a0471c721281a693025bbde33ebd9d3db43245d83ab8516bbfc23980379434 SHA512 8dceeb5024c4f94fcc15e75fa2fd164af5e0597734f95df43207738b3258c4d396e102faf2b6811e399f1cdbdbf617b87e5bfcc1e591ea6722f45d81d1098fe5 WHIRLPOOL 094c1232517706a6da4a0548f7ab5c0c7b9e12f8ce584db97d0c4793a38c4044538637f2834b9f3104326bd5b4b826d08ab79b1dc2c5b950de7d7f558685ef7b
24	DIST sudo-1.8.19p2.tar.gz 2861855 SHA256 237e18e67c2ad59ecacfa4b7707198b09fcf84914621585a9bc670dcc31a52e0 SHA512 21c83403e7ff219a273b2c4873be0d858997558ca150bc8239379a9dfcc587fdd7c0c49cdf4cdc27dfd6dd45f9f089fa034b58bfcee07dceb4a481542251b3fc WHIRLPOOL 550ed115ea711d6ba9aa698cd988295b74327dd770d79b6852f9f3f00a1c0420bbdcce5cc7c49467e0cf8a57fc79dbcfc73edaf3ad697e06ba9fd48919fece0b
25	DIST sudo-1.8.20.tar.gz 2930046 SHA256 9e97b8da859c6cc1b5b8c31db93002b750eae16af1bbda9140f8dd85b970e0e0 SHA512 c8cf640cd75fff88cf7c8b3a54a9a16771a9f24129b5c5787657c24336848c31abb8d8b9bafc7bfceb8f0b1f72112e15f9862b8fc337c1072eea05860f417dee WHIRLPOOL f2e409b18bee01780c21b9d97cdf65a34f763b5f9e380116f77b0d5ab3ddf6f46a80210b1c361e585fb2882ae17433817db7782e9b315b14ea1d7b53bfb0ab2a
26	+DIST sudo-1.8.20p1.tar.gz 2930394 SHA256 9e980eb23a60dd11f0f452e672e705d7a386882bc230c6e8483050e03182db1d SHA512 b7d4c07a550da917029e31d15e734d9462f3565ee43eb5f6fd19463b54a2fa3f444381f0999d6d1ba643b65832056dd9177dad4452fa9f87f2542c223b13f258 WHIRLPOOL 7e652f70782d7c5240fa23198d16d94171510d7eb52df56ee667a3da17c26643257d4304c3bfdb94a77831b904ac1c4d4027f2d1140764ddcd130159a3c3a3d3
27
28	diff --git a/app-admin/sudo/sudo-1.8.20_p1.ebuild b/app-admin/sudo/sudo-1.8.20_p1.ebuild
29	new file mode 100644
30	index 00000000000..621ff50e219
31	--- /dev/null
32	+++ b/app-admin/sudo/sudo-1.8.20_p1.ebuild
33	@@ -0,0 +1,216 @@
34	+# Copyright 1999-2017 Gentoo Foundation
35	+# Distributed under the terms of the GNU General Public License v2
36	+
37	+EAPI=6
38	+
39	+inherit eutils pam multilib libtool
40	+
41	+MY_P=${P/_/}
42	+MY_P=${MY_P/beta/b}
43	+
44	+uri_prefix=
45	+case ${P} in
46	+ _beta\|_rc) uri_prefix=beta/ ;;
47	+esac
48	+
49	+DESCRIPTION="Allows users or groups to run commands as other users"
50	+HOMEPAGE="http://www.sudo.ws/"
51	+SRC_URI="http://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
52	+ ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"
53	+
54	+# Basic license is ISC-style as-is, some files are released under
55	+# 3-clause BSD license
56	+LICENSE="ISC BSD"
57	+SLOT="0"
58	+if [[ ${PV} != _beta ]] && [[ ${PV} != _rc ]] ; then
59	+ KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~sparc-solaris"
60	+fi
61	+IUSE="gcrypt ldap nls pam offensive openssl selinux skey +sendmail"
62	+
63	+CDEPEND="
64	+ gcrypt? ( dev-libs/libgcrypt:= )
65	+ openssl? ( dev-libs/openssl:0= )
66	+ pam? ( virtual/pam )
67	+ skey? ( >=sys-auth/skey-1.1.5-r1 )
68	+ ldap? (
69	+ >=net-nds/openldap-2.1.30-r1
70	+ dev-libs/cyrus-sasl
71	+ )
72	+ sys-libs/zlib
73	+"
74	+RDEPEND="
75	+ ${CDEPEND}
76	+ selinux? ( sec-policy/selinux-sudo )
77	+ ldap? ( dev-lang/perl )
78	+ pam? ( sys-auth/pambase )
79	+ >=app-misc/editor-wrapper-3
80	+ virtual/editor
81	+ sendmail? ( virtual/mta )
82	+"
83	+DEPEND="
84	+ ${CDEPEND}
85	+ sys-devel/bison
86	+"
87	+
88	+S="${WORKDIR}/${MY_P}"
89	+
90	+REQUIRED_USE="
91	+ pam? ( !skey )
92	+ skey? ( !pam )
93	+ ?? ( gcrypt openssl )
94	+"
95	+
96	+MAKEOPTS+=" SAMPLES="
97	+
98	+src_prepare() {
99	+ default
100	+ elibtoolize
101	+}
102	+
103	+set_rootpath() {
104	+ # FIXME: secure_path is a compile time setting. using ROOTPATH
105	+ # is not perfect, env-update may invalidate this, but until it
106	+ # is available as a sudoers setting this will have to do.
107	+ einfo "Setting secure_path ..."
108	+
109	+ # first extract the default ROOTPATH from build env
110	+ ROOTPATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; echo "${ROOTPATH}")
111	+ if [[ -z ${ROOTPATH} ]] ; then
112	+ ewarn " Failed to find ROOTPATH, please report this"
113	+ fi
114	+
115	+ # then remove duplicate path entries
116	+ cleanpath() {
117	+ local newpath thisp IFS=:
118	+ for thisp in $1 ; do
119	+ if [[ :${newpath}: != :${thisp}: ]] ; then
120	+ newpath+=:$thisp
121	+ else
122	+ einfo " Duplicate entry ${thisp} removed..."
123	+ fi
124	+ done
125	+ ROOTPATH=${newpath#:}
126	+ }
127	+ cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}}
128	+
129	+ # finally, strip gcc paths #136027
130	+ rmpath() {
131	+ local e newpath thisp IFS=:
132	+ for thisp in ${ROOTPATH} ; do
133	+ for e ; do [[ $thisp == $e ]] && continue 2 ; done
134	+ newpath+=:$thisp
135	+ done
136	+ ROOTPATH=${newpath#:}
137	+ }
138	+ rmpath '/gcc-bin/' '/gnat-gcc-bin/' '/gnat-gcc/'
139	+
140	+ einfo "... done"
141	+}
142	+
143	+src_configure() {
144	+ local ROOTPATH
145	+ set_rootpath
146	+
147	+ # audit: somebody got to explain me how I can test this before I
148	+ # enable it.. - Diego
149	+ # plugindir: autoconf code is crappy and does not delay evaluation
150	+ # until `make` time, so we have to use a full path here rather than
151	+ # basing off other values.
152	+ myeconfargs=(
153	+ --enable-zlib=system
154	+ --with-editor="${EPREFIX}"/usr/libexec/editor
155	+ --with-env-editor
156	+ --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo
157	+ --with-rundir="${EPREFIX}"/var/run/sudo
158	+ --with-secure-path="${ROOTPATH}"
159	+ --with-vardir="${EPREFIX}"/var/db/sudo
160	+ --without-linux-audit
161	+ --without-opie
162	+ $(use_enable gcrypt)
163	+ $(use_enable nls)
164	+ $(use_enable openssl)
165	+ $(use_with offensive insults)
166	+ $(use_with offensive all-insults)
167	+ $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo)
168	+ $(use_with ldap)
169	+ $(use_with pam)
170	+ $(use_with skey)
171	+ $(use_with selinux)
172	+ $(use_with sendmail)
173	+ )
174	+ econf "${myeconfargs[@]}"
175	+}
176	+
177	+src_install() {
178	+ default
179	+
180	+ if use ldap ; then
181	+ dodoc README.LDAP
182	+ dosbin plugins/sudoers/sudoers2ldif
183	+
184	+ cat <<-EOF > "${T}"/ldap.conf.sudo
185	+ # See ldap.conf(5) and README.LDAP for details
186	+ # This file should only be readable by root
187	+
188	+ # supported directives: host, port, ssl, ldap_version
189	+ # uri, binddn, bindpw, sudoers_base, sudoers_debug
190	+ # tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}
191	+ EOF
192	+
193	+ insinto /etc
194	+ doins "${T}"/ldap.conf.sudo
195	+ fperms 0440 /etc/ldap.conf.sudo
196	+
197	+ insinto /etc/openldap/schema
198	+ newins doc/schema.OpenLDAP sudo.schema
199	+ fi
200	+
201	+ pamd_mimic system-auth sudo auth account session
202	+
203	+ keepdir /var/db/sudo
204	+ fperms 0700 /var/db/sudo
205	+
206	+ # Don't install into /var/run as that is a tmpfs most of the time
207	+ # (bug #504854)
208	+ rm -rf "${D}"/var/run
209	+}
210	+
211	+pkg_postinst() {
212	+ if use ldap ; then
213	+ ewarn
214	+ ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."
215	+ ewarn
216	+ if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then
217	+ ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
218	+ ewarn "configured in /etc/nsswitch.conf."
219	+ ewarn
220	+ ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:"
221	+ ewarn " sudoers: ldap files"
222	+ ewarn
223	+ fi
224	+ fi
225	+ if use prefix ; then
226	+ ewarn
227	+ ewarn "To use sudo, you need to change file ownership and permissions"
228	+ ewarn "with root privileges, as follows:"
229	+ ewarn
230	+ ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo"
231	+ ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"
232	+ ewarn " # chown root:root ${EPREFIX}/etc/sudoers"
233	+ ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d"
234	+ ewarn " # chown root:root ${EPREFIX}/var/db/sudo"
235	+ ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo"
236	+ ewarn
237	+ fi
238	+
239	+ elog "To use the -A (askpass) option, you need to install a compatible"
240	+ elog "password program from the following list. Starred packages will"
241	+ elog "automatically register for the use with sudo (but will not force"
242	+ elog "the -A option):"
243	+ elog ""
244	+ elog " [*] net-misc/ssh-askpass-fullscreen"
245	+ elog " net-misc/x11-ssh-askpass"
246	+ elog ""
247	+ elog "You can override the choice by setting the SUDO_ASKPASS environmnent"
248	+ elog "variable to the program you want to use."
249	+}

Gentoo Archives: gentoo-commits