1 |
flameeyes 11/03/01 17:59:34 |
2 |
|
3 |
Modified: ChangeLog |
4 |
Added: sudo-1.7.5.ebuild sudo-1.8.0.ebuild |
5 |
Log: |
6 |
Version bump; 1.8.0 is a big rewrite and thus is currently masked. S/Key support in 1.8 is gone, and it doesn't respect ldflags right now; the tests also seem to be broken. |
7 |
|
8 |
(Portage version: 2.2.0_alpha25/cvs/Linux x86_64) |
9 |
|
10 |
Revision Changes Path |
11 |
1.258 app-admin/sudo/ChangeLog |
12 |
|
13 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/sudo/ChangeLog?rev=1.258&view=markup |
14 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/sudo/ChangeLog?rev=1.258&content-type=text/plain |
15 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/sudo/ChangeLog?r1=1.257&r2=1.258 |
16 |
|
17 |
Index: ChangeLog |
18 |
=================================================================== |
19 |
RCS file: /var/cvsroot/gentoo-x86/app-admin/sudo/ChangeLog,v |
20 |
retrieving revision 1.257 |
21 |
retrieving revision 1.258 |
22 |
diff -u -r1.257 -r1.258 |
23 |
--- ChangeLog 19 Jan 2011 14:56:41 -0000 1.257 |
24 |
+++ ChangeLog 1 Mar 2011 17:59:34 -0000 1.258 |
25 |
@@ -1,6 +1,15 @@ |
26 |
# ChangeLog for app-admin/sudo |
27 |
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 |
28 |
-# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/ChangeLog,v 1.257 2011/01/19 14:56:41 flameeyes Exp $ |
29 |
+# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/ChangeLog,v 1.258 2011/03/01 17:59:34 flameeyes Exp $ |
30 |
+ |
31 |
+*sudo-1.8.0 (01 Mar 2011) |
32 |
+*sudo-1.7.5 (01 Mar 2011) |
33 |
+ |
34 |
+ 01 Mar 2011; Diego E. Pettenò <flameeyes@g.o> +sudo-1.7.5.ebuild, |
35 |
+ +sudo-1.8.0.ebuild: |
36 |
+ Version bump; 1.8.0 is a big rewrite and thus is currently masked. S/Key |
37 |
+ support in 1.8 is gone, and it doesn't respect ldflags right now; tests seem |
38 |
+ also to be broken. |
39 |
|
40 |
*sudo-1.7.4_p6 (19 Jan 2011) |
41 |
|
42 |
|
43 |
|
44 |
|
45 |
1.1 app-admin/sudo/sudo-1.7.5.ebuild |
46 |
|
47 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/sudo/sudo-1.7.5.ebuild?rev=1.1&view=markup |
48 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/sudo/sudo-1.7.5.ebuild?rev=1.1&content-type=text/plain |
49 |
|
50 |
Index: sudo-1.7.5.ebuild |
51 |
=================================================================== |
52 |
# Copyright 1999-2011 Gentoo Foundation |
53 |
# Distributed under the terms of the GNU General Public License v2 |
54 |
# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/sudo-1.7.5.ebuild,v 1.1 2011/03/01 17:59:34 flameeyes Exp $ |
55 |
|
56 |
inherit eutils pam |
57 |
|
58 |
MY_P=${P/_/} |
59 |
MY_P=${MY_P/beta/b} |
60 |
|
61 |
case "${P}" in |
62 |
*_beta* | *_rc*) |
63 |
uri_prefix=beta/ |
64 |
;; |
65 |
*) |
66 |
uri_prefix="" |
67 |
;; |
68 |
esac |
69 |
|
70 |
DESCRIPTION="Allows users or groups to run commands as other users" |
71 |
HOMEPAGE="http://www.sudo.ws/" |
72 |
SRC_URI="http://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz |
73 |
ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz" |
74 |
|
75 |
# Basic license is ISC-style as-is, some files are released under |
76 |
# 3-clause BSD license |
77 |
LICENSE="as-is BSD" |
78 |
|
79 |
SLOT="0" |
80 |
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd" |
81 |
IUSE="pam skey offensive ldap selinux" |
82 |
|
83 |
DEPEND="pam? ( virtual/pam ) |
84 |
ldap? ( |
85 |
>=net-nds/openldap-2.1.30-r1 |
86 |
dev-libs/cyrus-sasl |
87 |
) |
88 |
!pam? ( skey? ( >=sys-auth/skey-1.1.5-r1 ) ) |
89 |
app-editors/gentoo-editor |
90 |
virtual/editor |
91 |
virtual/mta" |
92 |
RDEPEND="selinux? ( sec-policy/selinux-sudo ) |
93 |
ldap? ( dev-lang/perl ) |
94 |
pam? ( sys-auth/pambase ) |
95 |
${DEPEND}" |
96 |
DEPEND="${DEPEND} |
97 |
sys-devel/bison" |
98 |
|
99 |
S=${WORKDIR}/${MY_P} |
100 |
|
101 |
pkg_setup() { |
102 |
if use pam && use skey; then |
103 |
ewarn "You cannot enable both S/KEY and PAM at the same time, PAM will" |
104 |
ewarn "be used then." |
105 |
fi |
106 |
} |
107 |
|
108 |
src_unpack() { |
109 |
unpack ${A}; cd "${S}" |
110 |
|
111 |
# compatability fix. |
112 |
epatch "${FILESDIR}"/${PN}-skeychallengeargs.diff |
113 |
|
114 |
# additional variables to disallow, should user disable env_reset. |
115 |
|
116 |
# NOTE: this is not a supported mode of operation, these variables |
117 |
# are added to the blacklist as a convenience to administrators |
118 |
# who fail to heed the warnings of allowing untrusted users |
119 |
# to access sudo. |
120 |
# |
121 |
# there is *no possible way* to foresee all attack vectors in |
122 |
# all possible applications that could potentially be used via |
123 |
# sudo, these settings will just delay the inevitable. |
124 |
# |
125 |
# that said, I will accept suggestions for variables that can |
126 |
# be misused in _common_ interpreters or libraries, such as |
127 |
# perl, bash, python, ruby, etc., in the hope of dissuading |
128 |
# a casual attacker. |
129 |
|
130 |
# XXX: perl should be using suid_perl. |
131 |
# XXX: users can remove/add more via env_delete and env_check. |
132 |
# XXX: <?> = probably safe enough for most circumstances. |
133 |
|
134 |
einfo "Blacklisting common variables (env_delete)..." |
135 |
sudo_bad_var() { |
136 |
local target='env.c' marker='\*initial_badenv_table\[\]' |
137 |
|
138 |
ebegin " $1" |
139 |
sed -i 's#\(^.*'${marker}'.*$\)#\1\n\t"'${1}'",#' "${S}"/${target} |
140 |
eend $? |
141 |
} |
142 |
|
143 |
sudo_bad_var 'PERLIO_DEBUG' # perl, write debug to file. |
144 |
sudo_bad_var 'FPATH' # ksh, search path for functions. |
145 |
sudo_bad_var 'NULLCMD' # zsh, command on null-redir. <?> |
146 |
sudo_bad_var 'READNULLCMD' # zsh, command on null-redir. <?> |
147 |
sudo_bad_var 'GLOBIGNORE' # bash, glob paterns to ignore. <?> |
148 |
sudo_bad_var 'PYTHONHOME' # python, module search path. |
149 |
sudo_bad_var 'PYTHONPATH' # python, search path. |
150 |
sudo_bad_var 'PYTHONINSPECT' # python, allow inspection. |
151 |
sudo_bad_var 'RUBYLIB' # ruby, lib load path. |
152 |
sudo_bad_var 'RUBYOPT' # ruby, cl options. |
153 |
sudo_bad_var 'ZDOTDIR' # zsh, path to search for dotfiles. |
154 |
einfo "...done." |
155 |
|
156 |
# prevent binaries from being stripped. |
157 |
sed -i 's/\($(INSTALL).*\) -s \(.*[(sudo|visudo)]\)/\1 \2/g' Makefile.in |
158 |
} |
159 |
|
160 |
src_compile() { |
161 |
local line ROOTPATH |
162 |
|
163 |
# FIXME: secure_path is a compile time setting. using ROOTPATH |
164 |
# is not perfect, env-update may invalidate this, but until it |
165 |
# is available as a sudoers setting this will have to do. |
166 |
einfo "Setting secure_path..." |
167 |
|
168 |
# why not use grep? variable might be expanded from other variables |
169 |
# declared in that file. cannot just source the file, would override |
170 |
# any variables already set. |
171 |
eval `PS4= bash -x /etc/profile.env 2>&1 | \ |
172 |
while read line; do |
173 |
case $line in |
174 |
ROOTPATH=*) echo $line; break;; |
175 |
*) continue;; |
176 |
esac |
177 |
done` && einfo " Found ROOTPATH..." || \ |
178 |
ewarn " Failed to find ROOTPATH, please report this." |
179 |
|
180 |
# remove duplicate path entries from $1 |
181 |
cleanpath() { |
182 |
local i=1 x n IFS=: |
183 |
local -a paths; paths=($1) |
184 |
|
185 |
for ((n=${#paths[*]}-1;i<=n;i++)); do |
186 |
for ((x=0;x<i;x++)); do |
187 |
test "${paths[i]}" == "${paths[x]}" && { |
188 |
einfo " Duplicate entry ${paths[i]} removed..." 1>&2 |
189 |
unset paths[i]; continue 2; } |
190 |
done; # einfo " Adding ${paths[i]}..." 1>&2 |
191 |
done; echo "${paths[*]}" |
192 |
} |
193 |
|
194 |
ROOTPATH=$(cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}}) |
195 |
|
196 |
# strip gcc path (bug #136027) |
197 |
rmpath() { |
198 |
declare e newpath oldpath=${!1} PATHvar=$1 thisp IFS=: |
199 |
shift |
200 |
for thisp in $oldpath; do |
201 |
for e; do [[ $thisp == $e ]] && continue 2; done |
202 |
newpath=$newpath:$thisp |
203 |
done |
204 |
eval $PATHvar='${newpath#:}' |
205 |
} |
206 |
|
207 |
rmpath ROOTPATH '*/gcc-bin/*' |
208 |
|
209 |
einfo "...done." |
210 |
|
211 |
if use pam; then |
212 |
myconf="--with-pam --without-skey" |
213 |
elif use skey; then |
214 |
myconf="--without-pam --with-skey" |
215 |
else |
216 |
myconf="--without-pam --without-skey" |
217 |
fi |
218 |
|
219 |
# audit: somebody got to explain me how I can test this before I |
220 |
# enable it.. — Diego |
221 |
econf --with-secure-path="${ROOTPATH}" \ |
222 |
--with-editor=/usr/libexec/gentoo-editor \ |
223 |
--with-env-editor \ |
224 |
$(use_with offensive insults) \ |
225 |
$(use_with offensive all-insults) \ |
226 |
$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) \ |
227 |
$(use_with ldap) \ |
228 |
--without-linux-audit \ |
229 |
--with-timedir=/var/db/sudo \ |
230 |
--docdir=/usr/share/doc/${PF} \ |
231 |
${myconf} |
232 |
|
233 |
emake || die |
234 |
} |
235 |
|
236 |
src_install() { |
237 |
emake DESTDIR="${D}" install || die |
238 |
|
239 |
if use ldap; then |
240 |
dodoc README.LDAP schema.OpenLDAP |
241 |
dosbin sudoers2ldif |
242 |
|
243 |
cat - > "${T}"/ldap.conf.sudo <<EOF |
244 |
# See ldap.conf(5) and README.LDAP for details\n" |
245 |
# This file should only be readable by root\n\n" |
246 |
# supported directives: host, port, ssl, ldap_version\n" |
247 |
# uri, binddn, bindpw, sudoers_base, sudoers_debug\n" |
248 |
# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key |
249 |
EOF |
250 |
|
251 |
insinto /etc |
252 |
doins "${T}"/ldap.conf.sudo |
253 |
fperms 0440 /etc/ldap.conf.sudo |
254 |
fi |
255 |
|
256 |
pamd_mimic system-auth sudo auth account session |
257 |
|
258 |
insinto /etc |
259 |
doins "${S}"/sudoers |
260 |
fperms 0440 /etc/sudoers |
261 |
|
262 |
keepdir /var/db/sudo |
263 |
fperms 0700 /var/db/sudo |
264 |
} |
265 |
|
266 |
pkg_postinst() { |
267 |
if use ldap; then |
268 |
ewarn |
269 |
ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration." |
270 |
ewarn |
271 |
if egrep -q '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf; then |
272 |
ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly" |
273 |
ewarn "configured in /etc/nsswitch.conf." |
274 |
ewarn |
275 |
ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:" |
276 |
ewarn " sudoers: ldap files" |
277 |
ewarn |
278 |
fi |
279 |
fi |
280 |
|
281 |
elog "To use the -A (askpass) option, you need to install a compatible" |
282 |
elog "password program from the following list. Starred packages will" |
283 |
elog "automatically register for the use with sudo (but will not force" |
284 |
elog "the -A option):" |
285 |
elog "" |
286 |
elog " [*] net-misc/ssh-askpass-fullscreen" |
287 |
elog " net-misc/x11-ssh-askpass" |
288 |
elog "" |
289 |
elog "You can override the choice by setting the SUDO_ASKPASS environmnent" |
290 |
elog "variable to the program you want to use." |
291 |
} |
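Review bot: The `&& einfo " Found ROOTPATH..." || ewarn ...` chain after the `eval` in src_compile cannot detect a missing ROOTPATH, because `eval` returns 0 when the pipeline prints nothing. In that case "Found ROOTPATH..." is still logged and secure_path is built from the hard-coded directory list alone. The traced line is also word-split and glob-expanded by the unquoted `echo $line` before it is evaluated. Test the variable rather than the exit status, e.g. `[[ -n ${ROOTPATH} ]] && einfo " Found ROOTPATH..." || ewarn " Failed to find ROOTPATH, please report this."` on its own line after the eval, and use `read -r line` with `echo "$line"` in the loop. src_compile in sudo-1.8.0.ebuild carries the same block.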
292 |
|
293 |
|
294 |
|
295 |
1.1 app-admin/sudo/sudo-1.8.0.ebuild |
296 |
|
297 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/sudo/sudo-1.8.0.ebuild?rev=1.1&view=markup |
298 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/sudo/sudo-1.8.0.ebuild?rev=1.1&content-type=text/plain |
299 |
|
300 |
Index: sudo-1.8.0.ebuild |
301 |
=================================================================== |
302 |
# Copyright 1999-2011 Gentoo Foundation |
303 |
# Distributed under the terms of the GNU General Public License v2 |
304 |
# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/sudo-1.8.0.ebuild,v 1.1 2011/03/01 17:59:34 flameeyes Exp $ |
305 |
|
306 |
inherit eutils pam |
307 |
|
308 |
MY_P=${P/_/} |
309 |
MY_P=${MY_P/beta/b} |
310 |
|
311 |
case "${P}" in |
312 |
*_beta* | *_rc*) |
313 |
uri_prefix=beta/ |
314 |
;; |
315 |
*) |
316 |
uri_prefix="" |
317 |
;; |
318 |
esac |
319 |
|
320 |
DESCRIPTION="Allows users or groups to run commands as other users" |
321 |
HOMEPAGE="http://www.sudo.ws/" |
322 |
SRC_URI="http://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz |
323 |
ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz" |
324 |
|
325 |
# Basic license is ISC-style as-is, some files are released under |
326 |
# 3-clause BSD license |
327 |
LICENSE="as-is BSD" |
328 |
|
329 |
SLOT="0" |
330 |
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd" |
331 |
IUSE="pam offensive ldap selinux" |
332 |
|
333 |
DEPEND="pam? ( virtual/pam ) |
334 |
ldap? ( |
335 |
>=net-nds/openldap-2.1.30-r1 |
336 |
dev-libs/cyrus-sasl |
337 |
) |
338 |
app-editors/gentoo-editor |
339 |
virtual/editor |
340 |
virtual/mta" |
341 |
RDEPEND="selinux? ( sec-policy/selinux-sudo ) |
342 |
ldap? ( dev-lang/perl ) |
343 |
pam? ( sys-auth/pambase ) |
344 |
${DEPEND}" |
345 |
DEPEND="${DEPEND} |
346 |
sys-devel/bison" |
347 |
|
348 |
S=${WORKDIR}/${MY_P} |
349 |
|
350 |
src_unpack() { |
351 |
unpack ${A}; cd "${S}" |
352 |
|
353 |
# additional variables to disallow, should user disable env_reset. |
354 |
|
355 |
# NOTE: this is not a supported mode of operation, these variables |
356 |
# are added to the blacklist as a convenience to administrators |
357 |
# who fail to heed the warnings of allowing untrusted users |
358 |
# to access sudo. |
359 |
# |
360 |
# there is *no possible way* to foresee all attack vectors in |
361 |
# all possible applications that could potentially be used via |
362 |
# sudo, these settings will just delay the inevitable. |
363 |
# |
364 |
# that said, I will accept suggestions for variables that can |
365 |
# be misused in _common_ interpreters or libraries, such as |
366 |
# perl, bash, python, ruby, etc., in the hope of dissuading |
367 |
# a casual attacker. |
368 |
|
369 |
# XXX: perl should be using suid_perl. |
370 |
# XXX: users can remove/add more via env_delete and env_check. |
371 |
# XXX: <?> = probably safe enough for most circumstances. |
372 |
|
373 |
einfo "Blacklisting common variables (env_delete)..." |
374 |
sudo_bad_var() { |
375 |
local target='env.c' marker='\*initial_badenv_table\[\]' |
376 |
|
377 |
ebegin " $1" |
378 |
sed -i 's#\(^.*'${marker}'.*$\)#\1\n\t"'${1}'",#' "${S}"/${target} |
379 |
eend $? |
380 |
} |
381 |
|
382 |
sudo_bad_var 'PERLIO_DEBUG' # perl, write debug to file. |
383 |
sudo_bad_var 'FPATH' # ksh, search path for functions. |
384 |
sudo_bad_var 'NULLCMD' # zsh, command on null-redir. <?> |
385 |
sudo_bad_var 'READNULLCMD' # zsh, command on null-redir. <?> |
386 |
sudo_bad_var 'GLOBIGNORE' # bash, glob paterns to ignore. <?> |
387 |
sudo_bad_var 'PYTHONHOME' # python, module search path. |
388 |
sudo_bad_var 'PYTHONPATH' # python, search path. |
389 |
sudo_bad_var 'PYTHONINSPECT' # python, allow inspection. |
390 |
sudo_bad_var 'RUBYLIB' # ruby, lib load path. |
391 |
sudo_bad_var 'RUBYOPT' # ruby, cl options. |
392 |
sudo_bad_var 'ZDOTDIR' # zsh, path to search for dotfiles. |
393 |
einfo "...done." |
394 |
|
395 |
# prevent binaries from being stripped. |
396 |
sed -i 's/\($(INSTALL).*\) -s \(.*[(sudo|visudo)]\)/\1 \2/g' Makefile.in |
397 |
} |
398 |
|
399 |
src_compile() { |
400 |
local line ROOTPATH |
401 |
|
402 |
# FIXME: secure_path is a compile time setting. using ROOTPATH |
403 |
# is not perfect, env-update may invalidate this, but until it |
404 |
# is available as a sudoers setting this will have to do. |
405 |
einfo "Setting secure_path..." |
406 |
|
407 |
# why not use grep? variable might be expanded from other variables |
408 |
# declared in that file. cannot just source the file, would override |
409 |
# any variables already set. |
410 |
eval `PS4= bash -x /etc/profile.env 2>&1 | \ |
411 |
while read line; do |
412 |
case $line in |
413 |
ROOTPATH=*) echo $line; break;; |
414 |
*) continue;; |
415 |
esac |
416 |
done` && einfo " Found ROOTPATH..." || \ |
417 |
ewarn " Failed to find ROOTPATH, please report this." |
418 |
|
419 |
# remove duplicate path entries from $1 |
420 |
cleanpath() { |
421 |
local i=1 x n IFS=: |
422 |
local -a paths; paths=($1) |
423 |
|
424 |
for ((n=${#paths[*]}-1;i<=n;i++)); do |
425 |
for ((x=0;x<i;x++)); do |
426 |
test "${paths[i]}" == "${paths[x]}" && { |
427 |
einfo " Duplicate entry ${paths[i]} removed..." 1>&2 |
428 |
unset paths[i]; continue 2; } |
429 |
done; # einfo " Adding ${paths[i]}..." 1>&2 |
430 |
done; echo "${paths[*]}" |
431 |
} |
432 |
|
433 |
ROOTPATH=$(cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}}) |
434 |
|
435 |
# strip gcc path (bug #136027) |
436 |
rmpath() { |
437 |
declare e newpath oldpath=${!1} PATHvar=$1 thisp IFS=: |
438 |
shift |
439 |
for thisp in $oldpath; do |
440 |
for e; do [[ $thisp == $e ]] && continue 2; done |
441 |
newpath=$newpath:$thisp |
442 |
done |
443 |
eval $PATHvar='${newpath#:}' |
444 |
} |
445 |
|
446 |
rmpath ROOTPATH '*/gcc-bin/*' |
447 |
|
448 |
einfo "...done." |
449 |
|
450 |
# audit: somebody got to explain me how I can test this before I |
451 |
# enable it.. — Diego |
452 |
econf --with-secure-path="${ROOTPATH}" \ |
453 |
--with-editor=/usr/libexec/gentoo-editor \ |
454 |
--with-env-editor \ |
455 |
$(use_with offensive insults) \ |
456 |
$(use_with offensive all-insults) \ |
457 |
$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) \ |
458 |
$(use_with ldap) \ |
459 |
$(use_with pam) \ |
460 |
--without-skey \ |
461 |
--without-linux-audit \ |
462 |
--with-timedir=/var/db/sudo \ |
463 |
--docdir=/usr/share/doc/${PF} \ |
464 |
${myconf} |
465 |
|
466 |
emake || die |
467 |
} |
468 |
|
469 |
src_install() { |
470 |
emake DESTDIR="${D}" install || die |
471 |
|
472 |
if use ldap; then |
473 |
dodoc README.LDAP schema.OpenLDAP |
474 |
dosbin sudoers2ldif |
475 |
|
476 |
cat - > "${T}"/ldap.conf.sudo <<EOF |
477 |
# See ldap.conf(5) and README.LDAP for details\n" |
478 |
# This file should only be readable by root\n\n" |
479 |
# supported directives: host, port, ssl, ldap_version\n" |
480 |
# uri, binddn, bindpw, sudoers_base, sudoers_debug\n" |
481 |
# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key |
482 |
EOF |
483 |
|
484 |
insinto /etc |
485 |
doins "${T}"/ldap.conf.sudo |
486 |
fperms 0440 /etc/ldap.conf.sudo |
487 |
fi |
488 |
|
489 |
pamd_mimic system-auth sudo auth account session |
490 |
|
491 |
insinto /etc |
492 |
doins "${S}"/sudoers |
493 |
fperms 0440 /etc/sudoers |
494 |
|
495 |
keepdir /var/db/sudo |
496 |
fperms 0700 /var/db/sudo |
497 |
} |
498 |
|
499 |
pkg_postinst() { |
500 |
if use ldap; then |
501 |
ewarn |
502 |
ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration." |
503 |
ewarn |
504 |
if egrep -q '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf; then |
505 |
ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly" |
506 |
ewarn "configured in /etc/nsswitch.conf." |
507 |
ewarn |
508 |
ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:" |
509 |
ewarn " sudoers: ldap files" |
510 |
ewarn |
511 |
fi |
512 |
fi |
513 |
|
514 |
elog "To use the -A (askpass) option, you need to install a compatible" |
515 |
elog "password program from the following list. Starred packages will" |
516 |
elog "automatically register for the use with sudo (but will not force" |
517 |
elog "the -A option):" |
518 |
elog "" |
519 |
elog " [*] net-misc/ssh-askpass-fullscreen" |
520 |
elog " net-misc/x11-ssh-askpass" |
521 |
elog "" |
522 |
elog "You can override the choice by setting the SUDO_ASKPASS environmnent" |
523 |
elog "variable to the program you want to use." |
524 |
} |
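Review bot: sudo_bad_var in src_unpack never aborts: it passes the sed status to `eend $?` and continues, and sed exits 0 when the `initial_badenv_table` marker matches no line. The log message describes 1.8.0 as a big rewrite, so if env.c was moved or the table renamed, the package would be built without the extra env_delete entries, and at most a failed `eend` line would show it. Make the helper verify its own edit, e.g. `grep -q "\"${1}\"," "${S}"/${target} || die "could not add ${1} to ${target}"` after the sed. Separately, `${myconf}` is still passed to econf although this ebuild no longer sets it, so that line can be dropped.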