1 |
commit: 5ada6ccb950343e144eb49969b1f288fd930dc0a |
2 |
Author: David Michael <fedora.dm0 <AT> gmail <DOT> com> |
3 |
AuthorDate: Thu Sep 3 12:49:40 2020 +0000 |
4 |
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Sep 7 20:44:01 2020 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5ada6ccb |
7 |
|
8 |
app-admin/sudo: glibc-2.32 port |
9 |
|
10 |
Closes: https://bugs.gentoo.org/739016 |
11 |
Package-Manager: Portage-3.0.4, Repoman-2.3.23 |
12 |
Signed-off-by: David Michael <fedora.dm0 <AT> gmail.com> |
13 |
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org> |
14 |
|
15 |
app-admin/sudo/files/sudo-1.9.2-glibc-2.32.patch | 308 +++++++++++++++++++++++ |
16 |
app-admin/sudo/sudo-1.9.2-r1.ebuild | 265 +++++++++++++++++++ |
17 |
2 files changed, 573 insertions(+) |
18 |
|
19 |
diff --git a/app-admin/sudo/files/sudo-1.9.2-glibc-2.32.patch b/app-admin/sudo/files/sudo-1.9.2-glibc-2.32.patch |
20 |
new file mode 100644 |
21 |
index 00000000000..6134fe736d0 |
22 |
--- /dev/null |
23 |
+++ b/app-admin/sudo/files/sudo-1.9.2-glibc-2.32.patch |
24 |
@@ -0,0 +1,308 @@ |
25 |
+ |
26 |
+# HG changeset patch |
27 |
+# User Todd C. Miller <Todd.Miller@××××.ws> |
28 |
+# Date 1598395693 21600 |
29 |
+# Node ID e30482f26924b07775d87ae591e54ad72e794d5e |
30 |
+# Parent 1ede927d99b3cb06ba514c9fd2fd7fa9a014a1b2 |
31 |
+Use sigabbrev_np(3) to access signal abbreviations if supported. |
32 |
+glibc-2.32 has removed sys_sigabbrev[], we can use sigabbrev_np(3) instead. |
33 |
+ |
34 |
+diff -r 1ede927d99b3 -r e30482f26924 config.h.in |
35 |
+--- a/config.h.in Mon Aug 17 19:37:09 2020 -0600 |
36 |
++++ b/config.h.in Tue Aug 25 16:48:13 2020 -0600 |
37 |
+@@ -740,6 +740,9 @@ |
38 |
+ /* Define to 1 if you have the `sig2str' function. */ |
39 |
+ #undef HAVE_SIG2STR |
40 |
+ |
41 |
++/* Define to 1 if you have the `sigabbrev_np' function. */ |
42 |
++#undef HAVE_SIGABBREV_NP |
43 |
++ |
44 |
+ /* Define to 1 if you use S/Key. */ |
45 |
+ #undef HAVE_SKEY |
46 |
+ |
47 |
+diff -r 1ede927d99b3 -r e30482f26924 configure |
48 |
+--- a/configure Mon Aug 17 19:37:09 2020 -0600 |
49 |
++++ b/configure Tue Aug 25 16:48:13 2020 -0600 |
50 |
+@@ -23687,9 +23687,21 @@ |
51 |
+ |
52 |
+ |
53 |
+ if test x"${ac_cv_func_sig2str}${ac_cv_func_str2sig}" != x"yesyes"; then |
54 |
+- COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }strsig_test" |
55 |
+- HAVE_SIGNAME="false" |
56 |
+- ac_fn_c_check_decl "$LINENO" "sys_signame" "ac_cv_have_decl_sys_signame" " |
57 |
++ for ac_func in sigabbrev_np |
58 |
++do : |
59 |
++ ac_fn_c_check_func "$LINENO" "sigabbrev_np" "ac_cv_func_sigabbrev_np" |
60 |
++if test "x$ac_cv_func_sigabbrev_np" = xyes; then : |
61 |
++ cat >>confdefs.h <<_ACEOF |
62 |
++#define HAVE_SIGABBREV_NP 1 |
63 |
++_ACEOF |
64 |
++ |
65 |
++fi |
66 |
++done |
67 |
++ |
68 |
++ if test x"${ac_cv_func_sigabbrev_np}" != x"yes"; then |
69 |
++ COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }strsig_test" |
70 |
++ HAVE_SIGNAME="false" |
71 |
++ ac_fn_c_check_decl "$LINENO" "sys_signame" "ac_cv_have_decl_sys_signame" " |
72 |
+ $ac_includes_default |
73 |
+ #include <signal.h> |
74 |
+ |
75 |
+@@ -23705,7 +23717,7 @@ |
76 |
+ _ACEOF |
77 |
+ if test $ac_have_decl = 1; then : |
78 |
+ |
79 |
+- HAVE_SIGNAME="true" |
80 |
++ HAVE_SIGNAME="true" |
81 |
+ |
82 |
+ fi |
83 |
+ ac_fn_c_check_decl "$LINENO" "_sys_signame" "ac_cv_have_decl__sys_signame" " |
84 |
+@@ -23724,7 +23736,7 @@ |
85 |
+ _ACEOF |
86 |
+ if test $ac_have_decl = 1; then : |
87 |
+ |
88 |
+- HAVE_SIGNAME="true" |
89 |
++ HAVE_SIGNAME="true" |
90 |
+ |
91 |
+ fi |
92 |
+ ac_fn_c_check_decl "$LINENO" "sys_sigabbrev" "ac_cv_have_decl_sys_sigabbrev" " |
93 |
+@@ -23743,12 +23755,12 @@ |
94 |
+ _ACEOF |
95 |
+ if test $ac_have_decl = 1; then : |
96 |
+ |
97 |
+- HAVE_SIGNAME="true" |
98 |
+- |
99 |
+-fi |
100 |
+- |
101 |
+- if test "$HAVE_SIGNAME" != "true"; then |
102 |
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for undeclared sys_sigabbrev" >&5 |
103 |
++ HAVE_SIGNAME="true" |
104 |
++ |
105 |
++fi |
106 |
++ |
107 |
++ if test "$HAVE_SIGNAME" != "true"; then |
108 |
++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for undeclared sys_sigabbrev" >&5 |
109 |
+ $as_echo_n "checking for undeclared sys_sigabbrev... " >&6; } |
110 |
+ if ${sudo_cv_var_sys_sigabbrev+:} false; then : |
111 |
+ $as_echo_n "(cached) " >&6 |
112 |
+@@ -23777,17 +23789,18 @@ |
113 |
+ fi |
114 |
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_sys_sigabbrev" >&5 |
115 |
+ $as_echo "$sudo_cv_var_sys_sigabbrev" >&6; } |
116 |
+- if test "$sudo_cv_var_sys_sigabbrev" = yes; then |
117 |
+- $as_echo "#define HAVE_SYS_SIGABBREV 1" >>confdefs.h |
118 |
+- |
119 |
+- else |
120 |
+- case " $LIBOBJS " in |
121 |
++ if test "$sudo_cv_var_sys_sigabbrev" = yes; then |
122 |
++ $as_echo "#define HAVE_SYS_SIGABBREV 1" >>confdefs.h |
123 |
++ |
124 |
++ else |
125 |
++ case " $LIBOBJS " in |
126 |
+ *" signame.$ac_objext "* ) ;; |
127 |
+ *) LIBOBJS="$LIBOBJS signame.$ac_objext" |
128 |
+ ;; |
129 |
+ esac |
130 |
+ |
131 |
+- SIGNAME=signame.lo |
132 |
++ SIGNAME=signame.lo |
133 |
++ fi |
134 |
+ fi |
135 |
+ fi |
136 |
+ fi |
137 |
+diff -r 1ede927d99b3 -r e30482f26924 configure.ac |
138 |
+--- a/configure.ac Mon Aug 17 19:37:09 2020 -0600 |
139 |
++++ b/configure.ac Tue Aug 25 16:48:13 2020 -0600 |
140 |
+@@ -3498,29 +3498,32 @@ |
141 |
+ dnl Also enable unit tests for sig2str() and str2sig(). |
142 |
+ dnl |
143 |
+ if test x"${ac_cv_func_sig2str}${ac_cv_func_str2sig}" != x"yesyes"; then |
144 |
+- COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }strsig_test" |
145 |
+- HAVE_SIGNAME="false" |
146 |
+- AC_CHECK_DECLS([sys_signame, _sys_signame, sys_sigabbrev], [ |
147 |
+- HAVE_SIGNAME="true" |
148 |
+- ], [ ], [ |
149 |
++ AC_CHECK_FUNCS([sigabbrev_np]) |
150 |
++ if test x"${ac_cv_func_sigabbrev_np}" != x"yes"; then |
151 |
++ COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }strsig_test" |
152 |
++ HAVE_SIGNAME="false" |
153 |
++ AC_CHECK_DECLS([sys_signame, _sys_signame, sys_sigabbrev], [ |
154 |
++ HAVE_SIGNAME="true" |
155 |
++ ], [ ], [ |
156 |
+ AC_INCLUDES_DEFAULT |
157 |
+ #include <signal.h> |
158 |
+- ]) |
159 |
+- if test "$HAVE_SIGNAME" != "true"; then |
160 |
+- AC_CACHE_CHECK([for undeclared sys_sigabbrev], |
161 |
+- [sudo_cv_var_sys_sigabbrev], |
162 |
+- [AC_LINK_IFELSE( |
163 |
+- [AC_LANG_PROGRAM([[extern char **sys_sigabbrev;]], [[return sys_sigabbrev[1];]])], |
164 |
+- [sudo_cv_var_sys_sigabbrev=yes], |
165 |
+- [sudo_cv_var_sys_sigabbrev=no] |
166 |
+- ) |
167 |
+- ] |
168 |
+- ) |
169 |
+- if test "$sudo_cv_var_sys_sigabbrev" = yes; then |
170 |
+- AC_DEFINE(HAVE_SYS_SIGABBREV) |
171 |
+- else |
172 |
+- AC_LIBOBJ(signame) |
173 |
+- SIGNAME=signame.lo |
174 |
++ ]) |
175 |
++ if test "$HAVE_SIGNAME" != "true"; then |
176 |
++ AC_CACHE_CHECK([for undeclared sys_sigabbrev], |
177 |
++ [sudo_cv_var_sys_sigabbrev], |
178 |
++ [AC_LINK_IFELSE( |
179 |
++ [AC_LANG_PROGRAM([[extern char **sys_sigabbrev;]], [[return sys_sigabbrev[1];]])], |
180 |
++ [sudo_cv_var_sys_sigabbrev=yes], |
181 |
++ [sudo_cv_var_sys_sigabbrev=no] |
182 |
++ ) |
183 |
++ ] |
184 |
++ ) |
185 |
++ if test "$sudo_cv_var_sys_sigabbrev" = yes; then |
186 |
++ AC_DEFINE(HAVE_SYS_SIGABBREV) |
187 |
++ else |
188 |
++ AC_LIBOBJ(signame) |
189 |
++ SIGNAME=signame.lo |
190 |
++ fi |
191 |
+ fi |
192 |
+ fi |
193 |
+ fi |
194 |
+diff -r 1ede927d99b3 -r e30482f26924 lib/util/sig2str.c |
195 |
+--- a/lib/util/sig2str.c Mon Aug 17 19:37:09 2020 -0600 |
196 |
++++ b/lib/util/sig2str.c Tue Aug 25 16:48:13 2020 -0600 |
197 |
+@@ -1,7 +1,7 @@ |
198 |
+ /* |
199 |
+ * SPDX-License-Identifier: ISC |
200 |
+ * |
201 |
+- * Copyright (c) 2012-2015, 2017-2019 Todd C. Miller <Todd.Miller@××××.ws> |
202 |
++ * Copyright (c) 2012-2015, 2017-2020 Todd C. Miller <Todd.Miller@××××.ws> |
203 |
+ * |
204 |
+ * Permission to use, copy, modify, and distribute this software for any |
205 |
+ * purpose with or without fee is hereby granted, provided that the above |
206 |
+@@ -32,20 +32,24 @@ |
207 |
+ #include <unistd.h> |
208 |
+ |
209 |
+ #include "sudo_compat.h" |
210 |
++#include "sudo_util.h" |
211 |
+ |
212 |
+-#if defined(HAVE_DECL_SYS_SIGNAME) && HAVE_DECL_SYS_SIGNAME == 1 |
213 |
+-# define sudo_sys_signame sys_signame |
214 |
+-#elif defined(HAVE_DECL__SYS_SIGNAME) && HAVE_DECL__SYS_SIGNAME == 1 |
215 |
+-# define sudo_sys_signame _sys_signame |
216 |
+-#elif defined(HAVE_DECL_SYS_SIGABBREV) && HAVE_DECL_SYS_SIGABBREV == 1 |
217 |
+-# define sudo_sys_signame sys_sigabbrev |
218 |
+-#else |
219 |
+-# ifdef HAVE_SYS_SIGABBREV |
220 |
+- /* sys_sigabbrev is not declared by glibc */ |
221 |
+-# define sudo_sys_signame sys_sigabbrev |
222 |
++#if !defined(HAVE_SIGABBREV_NP) |
223 |
++# if defined(HAVE_DECL_SYS_SIGNAME) && HAVE_DECL_SYS_SIGNAME == 1 |
224 |
++# define sigabbrev_np(_x) sys_signame[(_x)] |
225 |
++# elif defined(HAVE_DECL__SYS_SIGNAME) && HAVE_DECL__SYS_SIGNAME == 1 |
226 |
++# define sigabbrev_np(_x) _sys_signame[(_x)] |
227 |
++# elif defined(HAVE_SYS_SIGABBREV) |
228 |
++# define sigabbrev_np(_x) sys_sigabbrev[(_x)] |
229 |
++# if defined(HAVE_DECL_SYS_SIGABBREV) && HAVE_DECL_SYS_SIGABBREV == 0 |
230 |
++ /* sys_sigabbrev is not declared by glibc */ |
231 |
++ extern const char *const sys_sigabbrev[NSIG]; |
232 |
++# endif |
233 |
++# else |
234 |
++# define sigabbrev_np(_x) sudo_sys_signame[(_x)] |
235 |
++ extern const char *const sudo_sys_signame[NSIG]; |
236 |
+ # endif |
237 |
+-extern const char *const sudo_sys_signame[NSIG]; |
238 |
+-#endif |
239 |
++#endif /* !HAVE_SIGABBREV_NP */ |
240 |
+ |
241 |
+ /* |
242 |
+ * Translate signal number to name. |
243 |
+@@ -77,15 +81,18 @@ |
244 |
+ return 0; |
245 |
+ } |
246 |
+ #endif |
247 |
+- if (signo > 0 && signo < NSIG && sudo_sys_signame[signo] != NULL) { |
248 |
+- strlcpy(signame, sudo_sys_signame[signo], SIG2STR_MAX); |
249 |
+- /* Make sure we always return an upper case signame. */ |
250 |
+- if (islower((unsigned char)signame[0])) { |
251 |
+- int i; |
252 |
+- for (i = 0; signame[i] != '\0'; i++) |
253 |
+- signame[i] = toupper((unsigned char)signame[i]); |
254 |
++ if (signo > 0 && signo < NSIG) { |
255 |
++ const char *cp = sigabbrev_np(signo); |
256 |
++ if (cp != NULL) { |
257 |
++ strlcpy(signame, cp, SIG2STR_MAX); |
258 |
++ /* Make sure we always return an upper case signame. */ |
259 |
++ if (islower((unsigned char)signame[0])) { |
260 |
++ int i; |
261 |
++ for (i = 0; signame[i] != '\0'; i++) |
262 |
++ signame[i] = toupper((unsigned char)signame[i]); |
263 |
++ } |
264 |
++ return 0; |
265 |
+ } |
266 |
+- return 0; |
267 |
+ } |
268 |
+ errno = EINVAL; |
269 |
+ return -1; |
270 |
+diff -r 1ede927d99b3 -r e30482f26924 lib/util/str2sig.c |
271 |
+--- a/lib/util/str2sig.c Mon Aug 17 19:37:09 2020 -0600 |
272 |
++++ b/lib/util/str2sig.c Tue Aug 25 16:48:13 2020 -0600 |
273 |
+@@ -1,7 +1,7 @@ |
274 |
+ /* |
275 |
+ * SPDX-License-Identifier: ISC |
276 |
+ * |
277 |
+- * Copyright (c) 2019 Todd C. Miller <Todd.Miller@××××.ws> |
278 |
++ * Copyright (c) 2019-2020 Todd C. Miller <Todd.Miller@××××.ws> |
279 |
+ * |
280 |
+ * Permission to use, copy, modify, and distribute this software for any |
281 |
+ * purpose with or without fee is hereby granted, provided that the above |
282 |
+@@ -37,19 +37,22 @@ |
283 |
+ #include "sudo_compat.h" |
284 |
+ #include "sudo_util.h" |
285 |
+ |
286 |
+-#if defined(HAVE_DECL_SYS_SIGNAME) && HAVE_DECL_SYS_SIGNAME == 1 |
287 |
+-# define sudo_sys_signame sys_signame |
288 |
+-#elif defined(HAVE_DECL__SYS_SIGNAME) && HAVE_DECL__SYS_SIGNAME == 1 |
289 |
+-# define sudo_sys_signame _sys_signame |
290 |
+-#elif defined(HAVE_DECL_SYS_SIGABBREV) && HAVE_DECL_SYS_SIGABBREV == 1 |
291 |
+-# define sudo_sys_signame sys_sigabbrev |
292 |
+-#else |
293 |
+-# ifdef HAVE_SYS_SIGABBREV |
294 |
+- /* sys_sigabbrev is not declared by glibc */ |
295 |
+-# define sudo_sys_signame sys_sigabbrev |
296 |
++#if !defined(HAVE_SIGABBREV_NP) |
297 |
++# if defined(HAVE_DECL_SYS_SIGNAME) && HAVE_DECL_SYS_SIGNAME == 1 |
298 |
++# define sigabbrev_np(_x) sys_signame[(_x)] |
299 |
++# elif defined(HAVE_DECL__SYS_SIGNAME) && HAVE_DECL__SYS_SIGNAME == 1 |
300 |
++# define sigabbrev_np(_x) _sys_signame[(_x)] |
301 |
++# elif defined(HAVE_SYS_SIGABBREV) |
302 |
++# define sigabbrev_np(_x) sys_sigabbrev[(_x)] |
303 |
++# if defined(HAVE_DECL_SYS_SIGABBREV) && HAVE_DECL_SYS_SIGABBREV == 0 |
304 |
++ /* sys_sigabbrev is not declared by glibc */ |
305 |
++ extern const char *const sys_sigabbrev[NSIG]; |
306 |
++# endif |
307 |
++# else |
308 |
++# define sigabbrev_np(_x) sudo_sys_signame[(_x)] |
309 |
++ extern const char *const sudo_sys_signame[NSIG]; |
310 |
+ # endif |
311 |
+-extern const char *const sudo_sys_signame[NSIG]; |
312 |
+-#endif |
313 |
++#endif /* !HAVE_SIGABBREV_NP */ |
314 |
+ |
315 |
+ /* |
316 |
+ * Many systems use aliases for source backward compatibility. |
317 |
+@@ -154,11 +157,11 @@ |
318 |
+ } |
319 |
+ } |
320 |
+ |
321 |
+- /* Check sys_signame[]. */ |
322 |
+ for (signo = 1; signo < NSIG; signo++) { |
323 |
+- if (sudo_sys_signame[signo] != NULL) { |
324 |
++ const char *cp = sigabbrev_np(signo); |
325 |
++ if (cp != NULL) { |
326 |
+ /* On macOS sys_signame[] may contain lower-case names. */ |
327 |
+- if (strcasecmp(signame, sudo_sys_signame[signo]) == 0) { |
328 |
++ if (strcasecmp(signame, cp) == 0) { |
329 |
+ *result = signo; |
330 |
+ return 0; |
331 |
+ } |
332 |
+ |
333 |
|
334 |
diff --git a/app-admin/sudo/sudo-1.9.2-r1.ebuild b/app-admin/sudo/sudo-1.9.2-r1.ebuild |
335 |
new file mode 100644 |
336 |
index 00000000000..1f1f6e60dd3 |
337 |
--- /dev/null |
338 |
+++ b/app-admin/sudo/sudo-1.9.2-r1.ebuild |
339 |
@@ -0,0 +1,265 @@ |
340 |
+# Copyright 1999-2020 Gentoo Authors |
341 |
+# Distributed under the terms of the GNU General Public License v2 |
342 |
+ |
343 |
+EAPI=7 |
344 |
+ |
345 |
+inherit pam multilib libtool systemd tmpfiles |
346 |
+ |
347 |
+MY_P="${P/_/}" |
348 |
+MY_P="${MY_P/beta/b}" |
349 |
+ |
350 |
+DESCRIPTION="Allows users or groups to run commands as other users" |
351 |
+HOMEPAGE="https://www.sudo.ws/" |
352 |
+if [[ ${PV} == "9999" ]] ; then |
353 |
+ inherit mercurial |
354 |
+ EHG_REPO_URI="https://www.sudo.ws/repos/sudo" |
355 |
+else |
356 |
+ uri_prefix= |
357 |
+ case ${P} in |
358 |
+ *_beta*|*_rc*) uri_prefix=beta/ ;; |
359 |
+ esac |
360 |
+ |
361 |
+ SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz |
362 |
+ ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz" |
363 |
+ if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then |
364 |
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~sparc-solaris" |
365 |
+ fi |
366 |
+fi |
367 |
+ |
368 |
+# Basic license is ISC-style as-is, some files are released under |
369 |
+# 3-clause BSD license |
370 |
+LICENSE="ISC BSD" |
371 |
+SLOT="0" |
372 |
+IUSE="gcrypt ldap libressl nls offensive pam sasl +secure-path selinux +sendmail skey ssl sssd" |
373 |
+ |
374 |
+DEPEND=" |
375 |
+ sys-libs/zlib:= |
376 |
+ gcrypt? ( dev-libs/libgcrypt:= ) |
377 |
+ ldap? ( |
378 |
+ >=net-nds/openldap-2.1.30-r1 |
379 |
+ sasl? ( |
380 |
+ dev-libs/cyrus-sasl |
381 |
+ net-nds/openldap[sasl] |
382 |
+ ) |
383 |
+ ) |
384 |
+ pam? ( sys-libs/pam ) |
385 |
+ sasl? ( dev-libs/cyrus-sasl ) |
386 |
+ skey? ( >=sys-auth/skey-1.1.5-r1 ) |
387 |
+ ssl? ( |
388 |
+ !libressl? ( dev-libs/openssl:0= ) |
389 |
+ libressl? ( dev-libs/libressl:0= ) |
390 |
+ ) |
391 |
+ sssd? ( sys-auth/sssd[sudo] ) |
392 |
+" |
393 |
+RDEPEND=" |
394 |
+ ${DEPEND} |
395 |
+ >=app-misc/editor-wrapper-3 |
396 |
+ virtual/editor |
397 |
+ ldap? ( dev-lang/perl ) |
398 |
+ pam? ( sys-auth/pambase ) |
399 |
+ selinux? ( sec-policy/selinux-sudo ) |
400 |
+ sendmail? ( virtual/mta ) |
401 |
+" |
402 |
+BDEPEND=" |
403 |
+ sys-devel/bison |
404 |
+ virtual/pkgconfig |
405 |
+" |
406 |
+ |
407 |
+S="${WORKDIR}/${MY_P}" |
408 |
+ |
409 |
+REQUIRED_USE=" |
410 |
+ pam? ( !skey ) |
411 |
+ skey? ( !pam ) |
412 |
+" |
413 |
+ |
414 |
+REQUIRED_USE="?? ( gcrypt ssl )" |
415 |
+ |
416 |
+MAKEOPTS+=" SAMPLES=" |
417 |
+ |
418 |
+PATCHES=( "${FILESDIR}/${P}-glibc-2.32.patch" ) # drop for releases after 1.9.2 |
419 |
+ |
420 |
+src_prepare() { |
421 |
+ default |
422 |
+ elibtoolize |
423 |
+} |
424 |
+ |
425 |
+set_secure_path() { |
426 |
+ # FIXME: secure_path is a compile time setting. using PATH or |
427 |
+ # ROOTPATH is not perfect, env-update may invalidate this, but until it |
428 |
+ # is available as a sudoers setting this will have to do. |
429 |
+ einfo "Setting secure_path ..." |
430 |
+ |
431 |
+ # first extract the default ROOTPATH from build env |
432 |
+ SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; |
433 |
+ echo "${ROOTPATH}") |
434 |
+ case "${SECURE_PATH}" in |
435 |
+ */usr/sbin*) ;; |
436 |
+ *) SECURE_PATH=$(unset PATH; |
437 |
+ . "${EPREFIX}"/etc/profile.env; echo "${PATH}") |
438 |
+ ;; |
439 |
+ esac |
440 |
+ if [[ -z ${SECURE_PATH} ]] ; then |
441 |
+ ewarn " Failed to detect SECURE_PATH, please report this" |
442 |
+ fi |
443 |
+ |
444 |
+ # then remove duplicate path entries |
445 |
+ cleanpath() { |
446 |
+ local newpath thisp IFS=: |
447 |
+ for thisp in $1 ; do |
448 |
+ if [[ :${newpath}: != *:${thisp}:* ]] ; then |
449 |
+ newpath+=:${thisp} |
450 |
+ else |
451 |
+ einfo " Duplicate entry ${thisp} removed..." |
452 |
+ fi |
453 |
+ done |
454 |
+ SECURE_PATH=${newpath#:} |
455 |
+ } |
456 |
+ cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}} |
457 |
+ |
458 |
+ # finally, strip gcc paths #136027 |
459 |
+ rmpath() { |
460 |
+ local e newpath thisp IFS=: |
461 |
+ for thisp in ${SECURE_PATH} ; do |
462 |
+ for e ; do [[ ${thisp} == ${e} ]] && continue 2 ; done |
463 |
+ newpath+=:${thisp} |
464 |
+ done |
465 |
+ SECURE_PATH=${newpath#:} |
466 |
+ } |
467 |
+ rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*' |
468 |
+ |
469 |
+ einfo "... done" |
470 |
+} |
471 |
+ |
472 |
+src_configure() { |
473 |
+ local SECURE_PATH |
474 |
+ set_secure_path |
475 |
+ |
476 |
+ # audit: somebody got to explain me how I can test this before I |
477 |
+ # enable it.. - Diego |
478 |
+ # plugindir: autoconf code is crappy and does not delay evaluation |
479 |
+ # until `make` time, so we have to use a full path here rather than |
480 |
+ # basing off other values. |
481 |
+ myeconfargs=( |
482 |
+ # requires some python eclass |
483 |
+ --disable-python |
484 |
+ --enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d |
485 |
+ --enable-zlib=system |
486 |
+ --with-editor="${EPREFIX}"/usr/libexec/editor |
487 |
+ --with-env-editor |
488 |
+ --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo |
489 |
+ --with-rundir="${EPREFIX}"/run/sudo |
490 |
+ --with-vardir="${EPREFIX}"/var/db/sudo |
491 |
+ --without-linux-audit |
492 |
+ --without-opie |
493 |
+ $(use_enable gcrypt) |
494 |
+ $(use_enable nls) |
495 |
+ $(use_enable sasl) |
496 |
+ $(use_enable ssl openssl) |
497 |
+ $(use_with ldap) |
498 |
+ $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) |
499 |
+ $(use_with offensive insults) |
500 |
+ $(use_with offensive all-insults) |
501 |
+ $(use_with pam) |
502 |
+ $(use_with pam pam-login) |
503 |
+ $(use_with secure-path secure-path "${SECURE_PATH}") |
504 |
+ $(use_with selinux) |
505 |
+ $(use_with sendmail) |
506 |
+ $(use_with skey) |
507 |
+ $(use_with sssd) |
508 |
+ ) |
509 |
+ |
510 |
+ econf "${myeconfargs[@]}" |
511 |
+} |
512 |
+ |
513 |
+src_install() { |
514 |
+ default |
515 |
+ |
516 |
+ if use ldap ; then |
517 |
+ dodoc README.LDAP |
518 |
+ |
519 |
+ cat <<-EOF > "${T}"/ldap.conf.sudo |
520 |
+ # See ldap.conf(5) and README.LDAP for details |
521 |
+ # This file should only be readable by root |
522 |
+ |
523 |
+ # supported directives: host, port, ssl, ldap_version |
524 |
+ # uri, binddn, bindpw, sudoers_base, sudoers_debug |
525 |
+ # tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key} |
526 |
+ EOF |
527 |
+ |
528 |
+ if use sasl ; then |
529 |
+ cat <<-EOF >> "${T}"/ldap.conf.sudo |
530 |
+ |
531 |
+ # SASL directives: use_sasl, sasl_mech, sasl_auth_id |
532 |
+ # sasl_secprops, rootuse_sasl, rootsasl_auth_id, krb5_ccname |
533 |
+ EOF |
534 |
+ fi |
535 |
+ |
536 |
+ insinto /etc |
537 |
+ doins "${T}"/ldap.conf.sudo |
538 |
+ fperms 0440 /etc/ldap.conf.sudo |
539 |
+ |
540 |
+ insinto /etc/openldap/schema |
541 |
+ newins doc/schema.OpenLDAP sudo.schema |
542 |
+ fi |
543 |
+ |
544 |
+ pamd_mimic system-auth sudo auth account session |
545 |
+ pamd_mimic system-auth sudo-i auth account session |
546 |
+ |
547 |
+ keepdir /var/db/sudo/lectured |
548 |
+ fperms 0700 /var/db/sudo/lectured |
549 |
+ fperms 0711 /var/db/sudo #652958 |
550 |
+ |
551 |
+ # Don't install into /run as that is a tmpfs most of the time |
552 |
+ # (bug #504854) |
553 |
+ rm -rf "${ED}"/run || die |
554 |
+ |
555 |
+ find "${ED}" -type f -name "*.la" -delete || die #697812 |
556 |
+} |
557 |
+ |
558 |
+pkg_postinst() { |
559 |
+ tmpfiles_process sudo.conf |
560 |
+ |
561 |
+ #652958 |
562 |
+ local sudo_db="${EROOT}/var/db/sudo" |
563 |
+ if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then |
564 |
+ chmod 711 "${sudo_db}" || die |
565 |
+ fi |
566 |
+ |
567 |
+ if use ldap ; then |
568 |
+ ewarn |
569 |
+ ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration." |
570 |
+ ewarn |
571 |
+ if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then |
572 |
+ ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly" |
573 |
+ ewarn "configured in /etc/nsswitch.conf." |
574 |
+ ewarn |
575 |
+ ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:" |
576 |
+ ewarn " sudoers: ldap files" |
577 |
+ ewarn |
578 |
+ fi |
579 |
+ fi |
580 |
+ if use prefix ; then |
581 |
+ ewarn |
582 |
+ ewarn "To use sudo, you need to change file ownership and permissions" |
583 |
+ ewarn "with root privileges, as follows:" |
584 |
+ ewarn |
585 |
+ ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo" |
586 |
+ ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so" |
587 |
+ ewarn " # chown root:root ${EPREFIX}/etc/sudoers" |
588 |
+ ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d" |
589 |
+ ewarn " # chown root:root ${EPREFIX}/var/db/sudo" |
590 |
+ ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo" |
591 |
+ ewarn |
592 |
+ fi |
593 |
+ |
594 |
+ elog "To use the -A (askpass) option, you need to install a compatible" |
595 |
+ elog "password program from the following list. Starred packages will" |
596 |
+ elog "automatically register for the use with sudo (but will not force" |
597 |
+ elog "the -A option):" |
598 |
+ elog "" |
599 |
+ elog " [*] net-misc/ssh-askpass-fullscreen" |
600 |
+ elog " net-misc/x11-ssh-askpass" |
601 |
+ elog "" |
602 |
+ elog "You can override the choice by setting the SUDO_ASKPASS environmnent" |
603 |
+ elog "variable to the program you want to use." |
604 |
+} |