[gentoo-commits] gentoo-x86 commit in app-admin/sudo: ChangeLog sudo-1.7.4.ebuild - gentoo-commits

From:	"Diego Petteno (flameeyes)" <flameeyes@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo-x86 commit in app-admin/sudo: ChangeLog sudo-1.7.4.ebuild
Date:	Mon, 02 Aug 2010 04:02:23
Message-Id:	`20100802034554.D82722CF37@corvid.gentoo.org`

1

flameeyes    10/08/02 03:45:54

2

3

  Modified:             ChangeLog

4

  Added:                sudo-1.7.4.ebuild

5

  Log:

6

  Version bump (it installs documentation by itself now, needs /var/db/sudo); drop the pam/skey conflict by enabling skey only if pam is disabled; add HTTP mirror to the SRC_URI.

7

  (Portage version: 2.2_rc67/cvs/Linux x86_64)

8

9

Revision  Changes    Path

10

1.233                app-admin/sudo/ChangeLog

11

12

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/sudo/ChangeLog?rev=1.233&view=markup

13

plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/sudo/ChangeLog?rev=1.233&content-type=text/plain

14

diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/sudo/ChangeLog?r1=1.232&r2=1.233

15

16

Index: ChangeLog

17

===================================================================

18

RCS file: /var/cvsroot/gentoo-x86/app-admin/sudo/ChangeLog,v

19

retrieving revision 1.232

20

retrieving revision 1.233

21

diff -u -r1.232 -r1.233

22

--- ChangeLog	30 Jun 2010 23:23:21 -0000	1.232

23

+++ ChangeLog	2 Aug 2010 03:45:54 -0000	1.233

24

@@ -1,6 +1,13 @@

25

 # ChangeLog for app-admin/sudo

26

 # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2

27

-# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/ChangeLog,v 1.232 2010/06/30 23:23:21 flameeyes Exp $

28

+# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/ChangeLog,v 1.233 2010/08/02 03:45:54 flameeyes Exp $

29

+

30

+*sudo-1.7.4 (02 Aug 2010)

31

+

32

+  02 Aug 2010; Diego E. Pettenò <flameeyes@g.o> +sudo-1.7.4.ebuild:

33

+  Version bump (it installs documentation by itself now, needs

34

+  /var/db/sudo); drop the pam/skey conflict by enabling skey only if pam is

35

+  disabled; add HTTP mirror to the SRC_URI.

36

37

 *sudo-1.7.3 (30 Jun 2010)

1.1                  app-admin/sudo/sudo-1.7.4.ebuild

43

44

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/sudo/sudo-1.7.4.ebuild?rev=1.1&view=markup

45

plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/sudo/sudo-1.7.4.ebuild?rev=1.1&content-type=text/plain

46

47

Index: sudo-1.7.4.ebuild

48

===================================================================

49

# Copyright 1999-2010 Gentoo Foundation

50

# Distributed under the terms of the GNU General Public License v2

51

# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/sudo-1.7.4.ebuild,v 1.1 2010/08/02 03:45:54 flameeyes Exp $

52

53

inherit eutils pam

54

55

MY_P=${P/_/}

56

MY_P=${MY_P/beta/b}

57

58

case "${P}" in

59

	*_beta* | *_rc*)

60

		uri_prefix=beta/

61

;;

62

*)

63

		uri_prefix=""

64

;;

65

esac

66

67

DESCRIPTION="Allows users or groups to run commands as other users"

68

HOMEPAGE="http://www.sudo.ws/"

69

SRC_URI="http://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz

70

	ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"

71

72

# Basic license is ISC-style as-is, some files are released under

73

# 3-clause BSD license

74

LICENSE="as-is BSD"

75

76

SLOT="0"

77

KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"

78

IUSE="pam skey offensive ldap selinux"

79

80

DEPEND="pam? ( virtual/pam )

81

	ldap? (

82

		>=net-nds/openldap-2.1.30-r1

83

		dev-libs/cyrus-sasl

84

)

85

	!pam? ( skey? ( >=sys-auth/skey-1.1.5-r1 ) )

86

	app-editors/gentoo-editor

87

	virtual/editor

88

	virtual/mta"

89

RDEPEND="selinux? ( sec-policy/selinux-sudo )

90

	ldap? ( dev-lang/perl )

91

	pam? ( sys-auth/pambase )

92

	${DEPEND}"

93

DEPEND="${DEPEND}

94

	sys-devel/bison"

95

96

S=${WORKDIR}/${MY_P}

97

98

pkg_setup() {

99

	if use pam && use skey; then

100

		ewarn "You cannot enable both S/KEY and PAM at the same time, PAM will"

101

		ewarn "be used then."

102

fi

103

}

104

105

src_unpack() {

106

	unpack ${A}; cd "${S}"

107

108

	# compatability fix.

109

	epatch "${FILESDIR}"/${PN}-skeychallengeargs.diff

110

111

	# additional variables to disallow, should user disable env_reset.

112

113

	# NOTE: this is not a supported mode of operation, these variables

114

	#       are added to the blacklist as a convenience to administrators

115

	#       who fail to heed the warnings of allowing untrusted users

116

	#       to access sudo.

117

#

118

	#       there is *no possible way* to foresee all attack vectors in

119

	#       all possible applications that could potentially be used via

120

	#       sudo, these settings will just delay the inevitable.

121

#

122

	#       that said, I will accept suggestions for variables that can

123

	#       be misused in _common_ interpreters or libraries, such as

124

	#       perl, bash, python, ruby, etc., in the hope of dissuading

125

	#       a casual attacker.

126

127

	# XXX: perl should be using suid_perl.

128

	# XXX: users can remove/add more via env_delete and env_check.

129

	# XXX: <?> = probably safe enough for most circumstances.

130

131

	einfo "Blacklisting common variables (env_delete)..."

132

		sudo_bad_var() {

133

			local target='env.c' marker='\*initial_badenv_table\[\]'

134

135

			ebegin "	$1"

136

			sed -i 's#\(^.*'${marker}'.*$\)#\1\n\t"'${1}'",#' "${S}"/${target}

137

			eend $?

138

}

139

140

		sudo_bad_var 'PERLIO_DEBUG'   # perl, write debug to file.

141

		sudo_bad_var 'FPATH'          # ksh, search path for functions.

142

		sudo_bad_var 'NULLCMD'        # zsh, command on null-redir. <?>

143

		sudo_bad_var 'READNULLCMD'    # zsh, command on null-redir. <?>

144

		sudo_bad_var 'GLOBIGNORE'     # bash, glob paterns to ignore. <?>

145

		sudo_bad_var 'PYTHONHOME'     # python, module search path.

146

		sudo_bad_var 'PYTHONPATH'     # python, search path.

147

		sudo_bad_var 'PYTHONINSPECT'  # python, allow inspection.

148

		sudo_bad_var 'RUBYLIB'        # ruby, lib load path.

149

		sudo_bad_var 'RUBYOPT'        # ruby, cl options.

150

		sudo_bad_var 'ZDOTDIR'        # zsh, path to search for dotfiles.

151

	einfo "...done."

152

153

	# prevent binaries from being stripped.

154

	sed -i 's/\($(INSTALL).*\) -s \(.*[(sudo|visudo)]\)/\1 \2/g' Makefile.in

155

}

156

157

src_compile() {

158

	local line ROOTPATH

159

160

	# FIXME: secure_path is a compile time setting. using ROOTPATH

161

	# is not perfect, env-update may invalidate this, but until it

162

	# is available as a sudoers setting this will have to do.

163

	einfo "Setting secure_path..."

164

165

		# why not use grep? variable might be expanded from other variables

166

		# declared in that file. cannot just source the file, would override

167

		# any variables already set.

168

		eval `PS4= bash -x /etc/profile.env 2>&1 | \

169

			while read line; do

170

				case $line in

171

					ROOTPATH=*) echo $line; break;;

172

					*) continue;;

173

				esac

174

			done`  && einfo "	Found ROOTPATH..." || \

175

				ewarn "	Failed to find ROOTPATH, please report this."

176

177

		# remove duplicate path entries from $1

178

		cleanpath() {

179

			local i=1 x n IFS=:

180

			local -a paths;	paths=($1)

181

182

			for ((n=${#paths[*]}-1;i<=n;i++)); do

183

				for ((x=0;x<i;x++)); do

184

					test "${paths[i]}" == "${paths[x]}" && {

185

						einfo "	Duplicate entry ${paths[i]} removed..." 1>&2

186

						unset paths[i]; continue 2; }

187

				done; # einfo "	Adding ${paths[i]}..." 1>&2

188

			done; echo "${paths[*]}"

189

}

190

191

		ROOTPATH=$(cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}})

192

193

		# strip gcc path (bug #136027)

194

		rmpath() {

195

			declare e newpath oldpath=${!1} PATHvar=$1 thisp IFS=:

196

			shift

197

			for thisp in $oldpath; do

198

				for e; do [[ $thisp == $e ]] && continue 2; done

199

				newpath=$newpath:$thisp

200

			done

201

			eval $PATHvar='${newpath#:}'

202

}

203

204

		rmpath ROOTPATH '*/gcc-bin/*'

205

206

	einfo "...done."

207

208

	if use pam; then

209

		myconf="--with-pam --without-skey"

210

	elif use skey; then

211

		myconf="--without-pam --with-skey"

212

	else

213

		myconf="--without-pam --without-skey"

214

fi

215

216

	# audit: somebody got to explain me how I can test this before I

217

	# enable it.. — Diego

218

	econf --with-secure-path="${ROOTPATH}" \

219

		--with-editor=/usr/libexec/gentoo-editor \

220

		--with-env-editor \

221

		$(use_with offensive insults) \

222

		$(use_with offensive all-insults) \

223

		$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) \

224

		$(use_with ldap) \

225

		--without-linux-audit \

226

		--with-timedir=/var/db/sudo \

227

		--docdir=/usr/share/doc/${PF} \

228

		${myconf}

229

230

	emake || die

231

}

232

233

src_install() {

234

	emake DESTDIR="${D}" install || die

235

236

	if use ldap; then

237

		dodoc README.LDAP schema.OpenLDAP

238

		dosbin sudoers2ldif

239

240

		cat - > "${T}"/ldap.conf.sudo <<EOF

241

# See ldap.conf(5) and README.LDAP for details\n"

242

# This file should only be readable by root\n\n"

243

# supported directives: host, port, ssl, ldap_version\n"

244

# uri, binddn, bindpw, sudoers_base, sudoers_debug\n"

245

# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key

246

EOF

247

248

		insinto /etc

249

		doins "${T}"/ldap.conf.sudo

250

		fperms 0440 /etc/ldap.conf.sudo

251

fi

252

253

	pamd_mimic system-auth sudo auth account session

254

255

	insinto /etc

256

	doins "${S}"/sudoers

257

	fperms 0440 /etc/sudoers

258

259

	keepdir /var/db/sudo

260

	fperms 0700 /var/db/sudo

261

}

262

263

pkg_postinst() {

264

	if use ldap; then

265

		ewarn

266

		ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."

267

		ewarn

268

		if egrep -q '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf; then

269

			ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"

270

			ewarn "configured in /etc/nsswitch.conf."

271

			ewarn

272

			ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:"

273

			ewarn "  sudoers: ldap files"

274

			ewarn

275

fi

276

fi

277

278

	elog "To use the -A (askpass) option, you need to install a compatible"

279

	elog "password program from the following list. Starred packages will"

280

	elog "automatically register for the use with sudo (but will not force"

281

	elog "the -A option):"

282

	elog ""

283

	elog " [*] net-misc/ssh-askpass-fullscreen"

284

	elog "     net-misc/x11-ssh-askpass"

285

	elog ""

286

	elog "You can override the choice by setting the SUDO_ASKPASS environmnent"

287

	elog "variable to the program you want to use."

288

}

1	flameeyes 10/08/02 03:45:54
2
3	Modified: ChangeLog
4	Added: sudo-1.7.4.ebuild
5	Log:
6	Version bump (it installs documentation by itself now, needs /var/db/sudo); drop the pam/skey conflict by enabling skey only if pam is disabled; add HTTP mirror to the SRC_URI.
7	(Portage version: 2.2_rc67/cvs/Linux x86_64)
8
9	Revision Changes Path
10	1.233 app-admin/sudo/ChangeLog
11
12	file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/sudo/ChangeLog?rev=1.233&view=markup
13	plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/sudo/ChangeLog?rev=1.233&content-type=text/plain
14	diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/sudo/ChangeLog?r1=1.232&r2=1.233
15
16	Index: ChangeLog
17	===================================================================
18	RCS file: /var/cvsroot/gentoo-x86/app-admin/sudo/ChangeLog,v
19	retrieving revision 1.232
20	retrieving revision 1.233
21	diff -u -r1.232 -r1.233
22	--- ChangeLog 30 Jun 2010 23:23:21 -0000 1.232
23	+++ ChangeLog 2 Aug 2010 03:45:54 -0000 1.233
24	@@ -1,6 +1,13 @@
25	# ChangeLog for app-admin/sudo
26	# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
27	-# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/ChangeLog,v 1.232 2010/06/30 23:23:21 flameeyes Exp $
28	+# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/ChangeLog,v 1.233 2010/08/02 03:45:54 flameeyes Exp $
29	+
30	+*sudo-1.7.4 (02 Aug 2010)
31	+
32	+ 02 Aug 2010; Diego E. Pettenò <flameeyes@g.o> +sudo-1.7.4.ebuild:
33	+ Version bump (it installs documentation by itself now, needs
34	+ /var/db/sudo); drop the pam/skey conflict by enabling skey only if pam is
35	+ disabled; add HTTP mirror to the SRC_URI.
36
37	*sudo-1.7.3 (30 Jun 2010)
38
39
40
41
42	1.1 app-admin/sudo/sudo-1.7.4.ebuild
43
44	file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/sudo/sudo-1.7.4.ebuild?rev=1.1&view=markup
45	plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/sudo/sudo-1.7.4.ebuild?rev=1.1&content-type=text/plain
46
47	Index: sudo-1.7.4.ebuild
48	===================================================================
49	# Copyright 1999-2010 Gentoo Foundation
50	# Distributed under the terms of the GNU General Public License v2
51	# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/sudo-1.7.4.ebuild,v 1.1 2010/08/02 03:45:54 flameeyes Exp $
52
53	inherit eutils pam
54
55	MY_P=${P/_/}
56	MY_P=${MY_P/beta/b}
57
58	case "${P}" in
59	_beta \| _rc)
60	uri_prefix=beta/
61	;;
62	*)
63	uri_prefix=""
64	;;
65	esac
66
67	DESCRIPTION="Allows users or groups to run commands as other users"
68	HOMEPAGE="http://www.sudo.ws/"
69	SRC_URI="http://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
70	ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"
71
72	# Basic license is ISC-style as-is, some files are released under
73	# 3-clause BSD license
74	LICENSE="as-is BSD"
75
76	SLOT="0"
77	KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
78	IUSE="pam skey offensive ldap selinux"
79
80	DEPEND="pam? ( virtual/pam )
81	ldap? (
82	>=net-nds/openldap-2.1.30-r1
83	dev-libs/cyrus-sasl
84	)
85	!pam? ( skey? ( >=sys-auth/skey-1.1.5-r1 ) )
86	app-editors/gentoo-editor
87	virtual/editor
88	virtual/mta"
89	RDEPEND="selinux? ( sec-policy/selinux-sudo )
90	ldap? ( dev-lang/perl )
91	pam? ( sys-auth/pambase )
92	${DEPEND}"
93	DEPEND="${DEPEND}
94	sys-devel/bison"
95
96	S=${WORKDIR}/${MY_P}
97
98	pkg_setup() {
99	if use pam && use skey; then
100	ewarn "You cannot enable both S/KEY and PAM at the same time, PAM will"
101	ewarn "be used then."
102	fi
103	}
104
105	src_unpack() {
106	unpack ${A}; cd "${S}"
107
108	# compatability fix.
109	epatch "${FILESDIR}"/${PN}-skeychallengeargs.diff
110
111	# additional variables to disallow, should user disable env_reset.
112
113	# NOTE: this is not a supported mode of operation, these variables
114	# are added to the blacklist as a convenience to administrators
115	# who fail to heed the warnings of allowing untrusted users
116	# to access sudo.
117	#
118	# there is no possible way to foresee all attack vectors in
119	# all possible applications that could potentially be used via
120	# sudo, these settings will just delay the inevitable.
121	#
122	# that said, I will accept suggestions for variables that can
123	# be misused in _common_ interpreters or libraries, such as
124	# perl, bash, python, ruby, etc., in the hope of dissuading
125	# a casual attacker.
126
127	# XXX: perl should be using suid_perl.
128	# XXX: users can remove/add more via env_delete and env_check.
129	# XXX: <?> = probably safe enough for most circumstances.
130
131	einfo "Blacklisting common variables (env_delete)..."
132	sudo_bad_var() {
133	local target='env.c' marker='\*initial_badenv_table\[\]'
134
135	ebegin " $1"
136	sed -i 's#\(^.'${marker}'.$\)#\1\n\t"'${1}'",#' "${S}"/${target}
137	eend $?
138	}
139
140	sudo_bad_var 'PERLIO_DEBUG' # perl, write debug to file.
141	sudo_bad_var 'FPATH' # ksh, search path for functions.
142	sudo_bad_var 'NULLCMD' # zsh, command on null-redir. <?>
143	sudo_bad_var 'READNULLCMD' # zsh, command on null-redir. <?>
144	sudo_bad_var 'GLOBIGNORE' # bash, glob paterns to ignore. <?>
145	sudo_bad_var 'PYTHONHOME' # python, module search path.
146	sudo_bad_var 'PYTHONPATH' # python, search path.
147	sudo_bad_var 'PYTHONINSPECT' # python, allow inspection.
148	sudo_bad_var 'RUBYLIB' # ruby, lib load path.
149	sudo_bad_var 'RUBYOPT' # ruby, cl options.
150	sudo_bad_var 'ZDOTDIR' # zsh, path to search for dotfiles.
151	einfo "...done."
152
153	# prevent binaries from being stripped.
154	sed -i 's/\($(INSTALL).\) -s \(.[(sudo\|visudo)]\)/\1 \2/g' Makefile.in
155	}
156
157	src_compile() {
158	local line ROOTPATH
159
160	# FIXME: secure_path is a compile time setting. using ROOTPATH
161	# is not perfect, env-update may invalidate this, but until it
162	# is available as a sudoers setting this will have to do.
163	einfo "Setting secure_path..."
164
165	# why not use grep? variable might be expanded from other variables
166	# declared in that file. cannot just source the file, would override
167	# any variables already set.
168	eval `PS4= bash -x /etc/profile.env 2>&1 \| \
169	while read line; do
170	case $line in
171	ROOTPATH=*) echo $line; break;;
172	*) continue;;
173	esac
174	done` && einfo " Found ROOTPATH..." \|\| \
175	ewarn " Failed to find ROOTPATH, please report this."
176
177	# remove duplicate path entries from $1
178	cleanpath() {
179	local i=1 x n IFS=:
180	local -a paths; paths=($1)
181
182	for ((n=${#paths[*]}-1;i<=n;i++)); do
183	for ((x=0;x<i;x++)); do
184	test "${paths[i]}" == "${paths[x]}" && {
185	einfo " Duplicate entry ${paths[i]} removed..." 1>&2
186	unset paths[i]; continue 2; }
187	done; # einfo " Adding ${paths[i]}..." 1>&2
188	done; echo "${paths[*]}"
189	}
190
191	ROOTPATH=$(cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}})
192
193	# strip gcc path (bug #136027)
194	rmpath() {
195	declare e newpath oldpath=${!1} PATHvar=$1 thisp IFS=:
196	shift
197	for thisp in $oldpath; do
198	for e; do [[ $thisp == $e ]] && continue 2; done
199	newpath=$newpath:$thisp
200	done
201	eval $PATHvar='${newpath#:}'
202	}
203
204	rmpath ROOTPATH '/gcc-bin/'
205
206	einfo "...done."
207
208	if use pam; then
209	myconf="--with-pam --without-skey"
210	elif use skey; then
211	myconf="--without-pam --with-skey"
212	else
213	myconf="--without-pam --without-skey"
214	fi
215
216	# audit: somebody got to explain me how I can test this before I
217	# enable it.. — Diego
218	econf --with-secure-path="${ROOTPATH}" \
219	--with-editor=/usr/libexec/gentoo-editor \
220	--with-env-editor \
221	$(use_with offensive insults) \
222	$(use_with offensive all-insults) \
223	$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) \
224	$(use_with ldap) \
225	--without-linux-audit \
226	--with-timedir=/var/db/sudo \
227	--docdir=/usr/share/doc/${PF} \
228	${myconf}
229
230	emake \|\| die
231	}
232
233	src_install() {
234	emake DESTDIR="${D}" install \|\| die
235
236	if use ldap; then
237	dodoc README.LDAP schema.OpenLDAP
238	dosbin sudoers2ldif
239
240	cat - > "${T}"/ldap.conf.sudo <<EOF
241	# See ldap.conf(5) and README.LDAP for details\n"
242	# This file should only be readable by root\n\n"
243	# supported directives: host, port, ssl, ldap_version\n"
244	# uri, binddn, bindpw, sudoers_base, sudoers_debug\n"
245	# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key
246	EOF
247
248	insinto /etc
249	doins "${T}"/ldap.conf.sudo
250	fperms 0440 /etc/ldap.conf.sudo
251	fi
252
253	pamd_mimic system-auth sudo auth account session
254
255	insinto /etc
256	doins "${S}"/sudoers
257	fperms 0440 /etc/sudoers
258
259	keepdir /var/db/sudo
260	fperms 0700 /var/db/sudo
261	}
262
263	pkg_postinst() {
264	if use ldap; then
265	ewarn
266	ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."
267	ewarn
268	if egrep -q '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf; then
269	ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
270	ewarn "configured in /etc/nsswitch.conf."
271	ewarn
272	ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:"
273	ewarn " sudoers: ldap files"
274	ewarn
275	fi
276	fi
277
278	elog "To use the -A (askpass) option, you need to install a compatible"
279	elog "password program from the following list. Starred packages will"
280	elog "automatically register for the use with sudo (but will not force"
281	elog "the -A option):"
282	elog ""
283	elog " [*] net-misc/ssh-askpass-fullscreen"
284	elog " net-misc/x11-ssh-askpass"
285	elog ""
286	elog "You can override the choice by setting the SUDO_ASKPASS environmnent"
287	elog "variable to the program you want to use."
288	}

Gentoo Archives: gentoo-commits