Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Gilbert <floppym@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-admin/sudo/files/, app-admin/sudo/
Date: Mon, 07 Sep 2020 20:44:37
Message-Id: 1599511441.5ada6ccb950343e144eb49969b1f288fd930dc0a.floppym@gentoo
1 commit: 5ada6ccb950343e144eb49969b1f288fd930dc0a
2 Author: David Michael <fedora.dm0 <AT> gmail <DOT> com>
3 AuthorDate: Thu Sep 3 12:49:40 2020 +0000
4 Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
5 CommitDate: Mon Sep 7 20:44:01 2020 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5ada6ccb
7
8 app-admin/sudo: glibc-2.32 port
9
10 Closes: https://bugs.gentoo.org/739016
11 Package-Manager: Portage-3.0.4, Repoman-2.3.23
12 Signed-off-by: David Michael <fedora.dm0 <AT> gmail.com>
13 Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
14
15 app-admin/sudo/files/sudo-1.9.2-glibc-2.32.patch | 308 +++++++++++++++++++++++
16 app-admin/sudo/sudo-1.9.2-r1.ebuild | 265 +++++++++++++++++++
17 2 files changed, 573 insertions(+)
18
19 diff --git a/app-admin/sudo/files/sudo-1.9.2-glibc-2.32.patch b/app-admin/sudo/files/sudo-1.9.2-glibc-2.32.patch
20 new file mode 100644
21 index 00000000000..6134fe736d0
22 --- /dev/null
23 +++ b/app-admin/sudo/files/sudo-1.9.2-glibc-2.32.patch
24 @@ -0,0 +1,308 @@
25 +
26 +# HG changeset patch
27 +# User Todd C. Miller <Todd.Miller@××××.ws>
28 +# Date 1598395693 21600
29 +# Node ID e30482f26924b07775d87ae591e54ad72e794d5e
30 +# Parent 1ede927d99b3cb06ba514c9fd2fd7fa9a014a1b2
31 +Use sigabbrev_np(3) to access signal abbreviations if supported.
32 +glibc-2.32 has removed sys_sigabbrev[], we can use sigabbrev_np(3) instead.
33 +
34 +diff -r 1ede927d99b3 -r e30482f26924 config.h.in
35 +--- a/config.h.in Mon Aug 17 19:37:09 2020 -0600
36 ++++ b/config.h.in Tue Aug 25 16:48:13 2020 -0600
37 +@@ -740,6 +740,9 @@
38 + /* Define to 1 if you have the `sig2str' function. */
39 + #undef HAVE_SIG2STR
40 +
41 ++/* Define to 1 if you have the `sigabbrev_np' function. */
42 ++#undef HAVE_SIGABBREV_NP
43 ++
44 + /* Define to 1 if you use S/Key. */
45 + #undef HAVE_SKEY
46 +
47 +diff -r 1ede927d99b3 -r e30482f26924 configure
48 +--- a/configure Mon Aug 17 19:37:09 2020 -0600
49 ++++ b/configure Tue Aug 25 16:48:13 2020 -0600
50 +@@ -23687,9 +23687,21 @@
51 +
52 +
53 + if test x"${ac_cv_func_sig2str}${ac_cv_func_str2sig}" != x"yesyes"; then
54 +- COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }strsig_test"
55 +- HAVE_SIGNAME="false"
56 +- ac_fn_c_check_decl "$LINENO" "sys_signame" "ac_cv_have_decl_sys_signame" "
57 ++ for ac_func in sigabbrev_np
58 ++do :
59 ++ ac_fn_c_check_func "$LINENO" "sigabbrev_np" "ac_cv_func_sigabbrev_np"
60 ++if test "x$ac_cv_func_sigabbrev_np" = xyes; then :
61 ++ cat >>confdefs.h <<_ACEOF
62 ++#define HAVE_SIGABBREV_NP 1
63 ++_ACEOF
64 ++
65 ++fi
66 ++done
67 ++
68 ++ if test x"${ac_cv_func_sigabbrev_np}" != x"yes"; then
69 ++ COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }strsig_test"
70 ++ HAVE_SIGNAME="false"
71 ++ ac_fn_c_check_decl "$LINENO" "sys_signame" "ac_cv_have_decl_sys_signame" "
72 + $ac_includes_default
73 + #include <signal.h>
74 +
75 +@@ -23705,7 +23717,7 @@
76 + _ACEOF
77 + if test $ac_have_decl = 1; then :
78 +
79 +- HAVE_SIGNAME="true"
80 ++ HAVE_SIGNAME="true"
81 +
82 + fi
83 + ac_fn_c_check_decl "$LINENO" "_sys_signame" "ac_cv_have_decl__sys_signame" "
84 +@@ -23724,7 +23736,7 @@
85 + _ACEOF
86 + if test $ac_have_decl = 1; then :
87 +
88 +- HAVE_SIGNAME="true"
89 ++ HAVE_SIGNAME="true"
90 +
91 + fi
92 + ac_fn_c_check_decl "$LINENO" "sys_sigabbrev" "ac_cv_have_decl_sys_sigabbrev" "
93 +@@ -23743,12 +23755,12 @@
94 + _ACEOF
95 + if test $ac_have_decl = 1; then :
96 +
97 +- HAVE_SIGNAME="true"
98 +-
99 +-fi
100 +-
101 +- if test "$HAVE_SIGNAME" != "true"; then
102 +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for undeclared sys_sigabbrev" >&5
103 ++ HAVE_SIGNAME="true"
104 ++
105 ++fi
106 ++
107 ++ if test "$HAVE_SIGNAME" != "true"; then
108 ++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for undeclared sys_sigabbrev" >&5
109 + $as_echo_n "checking for undeclared sys_sigabbrev... " >&6; }
110 + if ${sudo_cv_var_sys_sigabbrev+:} false; then :
111 + $as_echo_n "(cached) " >&6
112 +@@ -23777,17 +23789,18 @@
113 + fi
114 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_sys_sigabbrev" >&5
115 + $as_echo "$sudo_cv_var_sys_sigabbrev" >&6; }
116 +- if test "$sudo_cv_var_sys_sigabbrev" = yes; then
117 +- $as_echo "#define HAVE_SYS_SIGABBREV 1" >>confdefs.h
118 +-
119 +- else
120 +- case " $LIBOBJS " in
121 ++ if test "$sudo_cv_var_sys_sigabbrev" = yes; then
122 ++ $as_echo "#define HAVE_SYS_SIGABBREV 1" >>confdefs.h
123 ++
124 ++ else
125 ++ case " $LIBOBJS " in
126 + *" signame.$ac_objext "* ) ;;
127 + *) LIBOBJS="$LIBOBJS signame.$ac_objext"
128 + ;;
129 + esac
130 +
131 +- SIGNAME=signame.lo
132 ++ SIGNAME=signame.lo
133 ++ fi
134 + fi
135 + fi
136 + fi
137 +diff -r 1ede927d99b3 -r e30482f26924 configure.ac
138 +--- a/configure.ac Mon Aug 17 19:37:09 2020 -0600
139 ++++ b/configure.ac Tue Aug 25 16:48:13 2020 -0600
140 +@@ -3498,29 +3498,32 @@
141 + dnl Also enable unit tests for sig2str() and str2sig().
142 + dnl
143 + if test x"${ac_cv_func_sig2str}${ac_cv_func_str2sig}" != x"yesyes"; then
144 +- COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }strsig_test"
145 +- HAVE_SIGNAME="false"
146 +- AC_CHECK_DECLS([sys_signame, _sys_signame, sys_sigabbrev], [
147 +- HAVE_SIGNAME="true"
148 +- ], [ ], [
149 ++ AC_CHECK_FUNCS([sigabbrev_np])
150 ++ if test x"${ac_cv_func_sigabbrev_np}" != x"yes"; then
151 ++ COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }strsig_test"
152 ++ HAVE_SIGNAME="false"
153 ++ AC_CHECK_DECLS([sys_signame, _sys_signame, sys_sigabbrev], [
154 ++ HAVE_SIGNAME="true"
155 ++ ], [ ], [
156 + AC_INCLUDES_DEFAULT
157 + #include <signal.h>
158 +- ])
159 +- if test "$HAVE_SIGNAME" != "true"; then
160 +- AC_CACHE_CHECK([for undeclared sys_sigabbrev],
161 +- [sudo_cv_var_sys_sigabbrev],
162 +- [AC_LINK_IFELSE(
163 +- [AC_LANG_PROGRAM([[extern char **sys_sigabbrev;]], [[return sys_sigabbrev[1];]])],
164 +- [sudo_cv_var_sys_sigabbrev=yes],
165 +- [sudo_cv_var_sys_sigabbrev=no]
166 +- )
167 +- ]
168 +- )
169 +- if test "$sudo_cv_var_sys_sigabbrev" = yes; then
170 +- AC_DEFINE(HAVE_SYS_SIGABBREV)
171 +- else
172 +- AC_LIBOBJ(signame)
173 +- SIGNAME=signame.lo
174 ++ ])
175 ++ if test "$HAVE_SIGNAME" != "true"; then
176 ++ AC_CACHE_CHECK([for undeclared sys_sigabbrev],
177 ++ [sudo_cv_var_sys_sigabbrev],
178 ++ [AC_LINK_IFELSE(
179 ++ [AC_LANG_PROGRAM([[extern char **sys_sigabbrev;]], [[return sys_sigabbrev[1];]])],
180 ++ [sudo_cv_var_sys_sigabbrev=yes],
181 ++ [sudo_cv_var_sys_sigabbrev=no]
182 ++ )
183 ++ ]
184 ++ )
185 ++ if test "$sudo_cv_var_sys_sigabbrev" = yes; then
186 ++ AC_DEFINE(HAVE_SYS_SIGABBREV)
187 ++ else
188 ++ AC_LIBOBJ(signame)
189 ++ SIGNAME=signame.lo
190 ++ fi
191 + fi
192 + fi
193 + fi
194 +diff -r 1ede927d99b3 -r e30482f26924 lib/util/sig2str.c
195 +--- a/lib/util/sig2str.c Mon Aug 17 19:37:09 2020 -0600
196 ++++ b/lib/util/sig2str.c Tue Aug 25 16:48:13 2020 -0600
197 +@@ -1,7 +1,7 @@
198 + /*
199 + * SPDX-License-Identifier: ISC
200 + *
201 +- * Copyright (c) 2012-2015, 2017-2019 Todd C. Miller <Todd.Miller@××××.ws>
202 ++ * Copyright (c) 2012-2015, 2017-2020 Todd C. Miller <Todd.Miller@××××.ws>
203 + *
204 + * Permission to use, copy, modify, and distribute this software for any
205 + * purpose with or without fee is hereby granted, provided that the above
206 +@@ -32,20 +32,24 @@
207 + #include <unistd.h>
208 +
209 + #include "sudo_compat.h"
210 ++#include "sudo_util.h"
211 +
212 +-#if defined(HAVE_DECL_SYS_SIGNAME) && HAVE_DECL_SYS_SIGNAME == 1
213 +-# define sudo_sys_signame sys_signame
214 +-#elif defined(HAVE_DECL__SYS_SIGNAME) && HAVE_DECL__SYS_SIGNAME == 1
215 +-# define sudo_sys_signame _sys_signame
216 +-#elif defined(HAVE_DECL_SYS_SIGABBREV) && HAVE_DECL_SYS_SIGABBREV == 1
217 +-# define sudo_sys_signame sys_sigabbrev
218 +-#else
219 +-# ifdef HAVE_SYS_SIGABBREV
220 +- /* sys_sigabbrev is not declared by glibc */
221 +-# define sudo_sys_signame sys_sigabbrev
222 ++#if !defined(HAVE_SIGABBREV_NP)
223 ++# if defined(HAVE_DECL_SYS_SIGNAME) && HAVE_DECL_SYS_SIGNAME == 1
224 ++# define sigabbrev_np(_x) sys_signame[(_x)]
225 ++# elif defined(HAVE_DECL__SYS_SIGNAME) && HAVE_DECL__SYS_SIGNAME == 1
226 ++# define sigabbrev_np(_x) _sys_signame[(_x)]
227 ++# elif defined(HAVE_SYS_SIGABBREV)
228 ++# define sigabbrev_np(_x) sys_sigabbrev[(_x)]
229 ++# if defined(HAVE_DECL_SYS_SIGABBREV) && HAVE_DECL_SYS_SIGABBREV == 0
230 ++ /* sys_sigabbrev is not declared by glibc */
231 ++ extern const char *const sys_sigabbrev[NSIG];
232 ++# endif
233 ++# else
234 ++# define sigabbrev_np(_x) sudo_sys_signame[(_x)]
235 ++ extern const char *const sudo_sys_signame[NSIG];
236 + # endif
237 +-extern const char *const sudo_sys_signame[NSIG];
238 +-#endif
239 ++#endif /* !HAVE_SIGABBREV_NP */
240 +
241 + /*
242 + * Translate signal number to name.
243 +@@ -77,15 +81,18 @@
244 + return 0;
245 + }
246 + #endif
247 +- if (signo > 0 && signo < NSIG && sudo_sys_signame[signo] != NULL) {
248 +- strlcpy(signame, sudo_sys_signame[signo], SIG2STR_MAX);
249 +- /* Make sure we always return an upper case signame. */
250 +- if (islower((unsigned char)signame[0])) {
251 +- int i;
252 +- for (i = 0; signame[i] != '\0'; i++)
253 +- signame[i] = toupper((unsigned char)signame[i]);
254 ++ if (signo > 0 && signo < NSIG) {
255 ++ const char *cp = sigabbrev_np(signo);
256 ++ if (cp != NULL) {
257 ++ strlcpy(signame, cp, SIG2STR_MAX);
258 ++ /* Make sure we always return an upper case signame. */
259 ++ if (islower((unsigned char)signame[0])) {
260 ++ int i;
261 ++ for (i = 0; signame[i] != '\0'; i++)
262 ++ signame[i] = toupper((unsigned char)signame[i]);
263 ++ }
264 ++ return 0;
265 + }
266 +- return 0;
267 + }
268 + errno = EINVAL;
269 + return -1;
270 +diff -r 1ede927d99b3 -r e30482f26924 lib/util/str2sig.c
271 +--- a/lib/util/str2sig.c Mon Aug 17 19:37:09 2020 -0600
272 ++++ b/lib/util/str2sig.c Tue Aug 25 16:48:13 2020 -0600
273 +@@ -1,7 +1,7 @@
274 + /*
275 + * SPDX-License-Identifier: ISC
276 + *
277 +- * Copyright (c) 2019 Todd C. Miller <Todd.Miller@××××.ws>
278 ++ * Copyright (c) 2019-2020 Todd C. Miller <Todd.Miller@××××.ws>
279 + *
280 + * Permission to use, copy, modify, and distribute this software for any
281 + * purpose with or without fee is hereby granted, provided that the above
282 +@@ -37,19 +37,22 @@
283 + #include "sudo_compat.h"
284 + #include "sudo_util.h"
285 +
286 +-#if defined(HAVE_DECL_SYS_SIGNAME) && HAVE_DECL_SYS_SIGNAME == 1
287 +-# define sudo_sys_signame sys_signame
288 +-#elif defined(HAVE_DECL__SYS_SIGNAME) && HAVE_DECL__SYS_SIGNAME == 1
289 +-# define sudo_sys_signame _sys_signame
290 +-#elif defined(HAVE_DECL_SYS_SIGABBREV) && HAVE_DECL_SYS_SIGABBREV == 1
291 +-# define sudo_sys_signame sys_sigabbrev
292 +-#else
293 +-# ifdef HAVE_SYS_SIGABBREV
294 +- /* sys_sigabbrev is not declared by glibc */
295 +-# define sudo_sys_signame sys_sigabbrev
296 ++#if !defined(HAVE_SIGABBREV_NP)
297 ++# if defined(HAVE_DECL_SYS_SIGNAME) && HAVE_DECL_SYS_SIGNAME == 1
298 ++# define sigabbrev_np(_x) sys_signame[(_x)]
299 ++# elif defined(HAVE_DECL__SYS_SIGNAME) && HAVE_DECL__SYS_SIGNAME == 1
300 ++# define sigabbrev_np(_x) _sys_signame[(_x)]
301 ++# elif defined(HAVE_SYS_SIGABBREV)
302 ++# define sigabbrev_np(_x) sys_sigabbrev[(_x)]
303 ++# if defined(HAVE_DECL_SYS_SIGABBREV) && HAVE_DECL_SYS_SIGABBREV == 0
304 ++ /* sys_sigabbrev is not declared by glibc */
305 ++ extern const char *const sys_sigabbrev[NSIG];
306 ++# endif
307 ++# else
308 ++# define sigabbrev_np(_x) sudo_sys_signame[(_x)]
309 ++ extern const char *const sudo_sys_signame[NSIG];
310 + # endif
311 +-extern const char *const sudo_sys_signame[NSIG];
312 +-#endif
313 ++#endif /* !HAVE_SIGABBREV_NP */
314 +
315 + /*
316 + * Many systems use aliases for source backward compatibility.
317 +@@ -154,11 +157,11 @@
318 + }
319 + }
320 +
321 +- /* Check sys_signame[]. */
322 + for (signo = 1; signo < NSIG; signo++) {
323 +- if (sudo_sys_signame[signo] != NULL) {
324 ++ const char *cp = sigabbrev_np(signo);
325 ++ if (cp != NULL) {
326 + /* On macOS sys_signame[] may contain lower-case names. */
327 +- if (strcasecmp(signame, sudo_sys_signame[signo]) == 0) {
328 ++ if (strcasecmp(signame, cp) == 0) {
329 + *result = signo;
330 + return 0;
331 + }
332 +
333
334 diff --git a/app-admin/sudo/sudo-1.9.2-r1.ebuild b/app-admin/sudo/sudo-1.9.2-r1.ebuild
335 new file mode 100644
336 index 00000000000..1f1f6e60dd3
337 --- /dev/null
338 +++ b/app-admin/sudo/sudo-1.9.2-r1.ebuild
339 @@ -0,0 +1,265 @@
340 +# Copyright 1999-2020 Gentoo Authors
341 +# Distributed under the terms of the GNU General Public License v2
342 +
343 +EAPI=7
344 +
345 +inherit pam multilib libtool systemd tmpfiles
346 +
347 +MY_P="${P/_/}"
348 +MY_P="${MY_P/beta/b}"
349 +
350 +DESCRIPTION="Allows users or groups to run commands as other users"
351 +HOMEPAGE="https://www.sudo.ws/"
352 +if [[ ${PV} == "9999" ]] ; then
353 + inherit mercurial
354 + EHG_REPO_URI="https://www.sudo.ws/repos/sudo"
355 +else
356 + uri_prefix=
357 + case ${P} in
358 + *_beta*|*_rc*) uri_prefix=beta/ ;;
359 + esac
360 +
361 + SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
362 + ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"
363 + if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then
364 + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~sparc-solaris"
365 + fi
366 +fi
367 +
368 +# Basic license is ISC-style as-is, some files are released under
369 +# 3-clause BSD license
370 +LICENSE="ISC BSD"
371 +SLOT="0"
372 +IUSE="gcrypt ldap libressl nls offensive pam sasl +secure-path selinux +sendmail skey ssl sssd"
373 +
374 +DEPEND="
375 + sys-libs/zlib:=
376 + gcrypt? ( dev-libs/libgcrypt:= )
377 + ldap? (
378 + >=net-nds/openldap-2.1.30-r1
379 + sasl? (
380 + dev-libs/cyrus-sasl
381 + net-nds/openldap[sasl]
382 + )
383 + )
384 + pam? ( sys-libs/pam )
385 + sasl? ( dev-libs/cyrus-sasl )
386 + skey? ( >=sys-auth/skey-1.1.5-r1 )
387 + ssl? (
388 + !libressl? ( dev-libs/openssl:0= )
389 + libressl? ( dev-libs/libressl:0= )
390 + )
391 + sssd? ( sys-auth/sssd[sudo] )
392 +"
393 +RDEPEND="
394 + ${DEPEND}
395 + >=app-misc/editor-wrapper-3
396 + virtual/editor
397 + ldap? ( dev-lang/perl )
398 + pam? ( sys-auth/pambase )
399 + selinux? ( sec-policy/selinux-sudo )
400 + sendmail? ( virtual/mta )
401 +"
402 +BDEPEND="
403 + sys-devel/bison
404 + virtual/pkgconfig
405 +"
406 +
407 +S="${WORKDIR}/${MY_P}"
408 +
409 +REQUIRED_USE="
410 + pam? ( !skey )
411 + skey? ( !pam )
412 +"
413 +
414 +REQUIRED_USE="?? ( gcrypt ssl )"
415 +
416 +MAKEOPTS+=" SAMPLES="
417 +
418 +PATCHES=( "${FILESDIR}/${P}-glibc-2.32.patch" ) # drop for releases after 1.9.2
419 +
420 +src_prepare() {
421 + default
422 + elibtoolize
423 +}
424 +
425 +set_secure_path() {
426 + # FIXME: secure_path is a compile time setting. using PATH or
427 + # ROOTPATH is not perfect, env-update may invalidate this, but until it
428 + # is available as a sudoers setting this will have to do.
429 + einfo "Setting secure_path ..."
430 +
431 + # first extract the default ROOTPATH from build env
432 + SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env;
433 + echo "${ROOTPATH}")
434 + case "${SECURE_PATH}" in
435 + */usr/sbin*) ;;
436 + *) SECURE_PATH=$(unset PATH;
437 + . "${EPREFIX}"/etc/profile.env; echo "${PATH}")
438 + ;;
439 + esac
440 + if [[ -z ${SECURE_PATH} ]] ; then
441 + ewarn " Failed to detect SECURE_PATH, please report this"
442 + fi
443 +
444 + # then remove duplicate path entries
445 + cleanpath() {
446 + local newpath thisp IFS=:
447 + for thisp in $1 ; do
448 + if [[ :${newpath}: != *:${thisp}:* ]] ; then
449 + newpath+=:${thisp}
450 + else
451 + einfo " Duplicate entry ${thisp} removed..."
452 + fi
453 + done
454 + SECURE_PATH=${newpath#:}
455 + }
456 + cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}}
457 +
458 + # finally, strip gcc paths #136027
459 + rmpath() {
460 + local e newpath thisp IFS=:
461 + for thisp in ${SECURE_PATH} ; do
462 + for e ; do [[ ${thisp} == ${e} ]] && continue 2 ; done
463 + newpath+=:${thisp}
464 + done
465 + SECURE_PATH=${newpath#:}
466 + }
467 + rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'
468 +
469 + einfo "... done"
470 +}
471 +
472 +src_configure() {
473 + local SECURE_PATH
474 + set_secure_path
475 +
476 + # audit: somebody got to explain me how I can test this before I
477 + # enable it.. - Diego
478 + # plugindir: autoconf code is crappy and does not delay evaluation
479 + # until `make` time, so we have to use a full path here rather than
480 + # basing off other values.
481 + myeconfargs=(
482 + # requires some python eclass
483 + --disable-python
484 + --enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d
485 + --enable-zlib=system
486 + --with-editor="${EPREFIX}"/usr/libexec/editor
487 + --with-env-editor
488 + --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo
489 + --with-rundir="${EPREFIX}"/run/sudo
490 + --with-vardir="${EPREFIX}"/var/db/sudo
491 + --without-linux-audit
492 + --without-opie
493 + $(use_enable gcrypt)
494 + $(use_enable nls)
495 + $(use_enable sasl)
496 + $(use_enable ssl openssl)
497 + $(use_with ldap)
498 + $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo)
499 + $(use_with offensive insults)
500 + $(use_with offensive all-insults)
501 + $(use_with pam)
502 + $(use_with pam pam-login)
503 + $(use_with secure-path secure-path "${SECURE_PATH}")
504 + $(use_with selinux)
505 + $(use_with sendmail)
506 + $(use_with skey)
507 + $(use_with sssd)
508 + )
509 +
510 + econf "${myeconfargs[@]}"
511 +}
512 +
513 +src_install() {
514 + default
515 +
516 + if use ldap ; then
517 + dodoc README.LDAP
518 +
519 + cat <<-EOF > "${T}"/ldap.conf.sudo
520 + # See ldap.conf(5) and README.LDAP for details
521 + # This file should only be readable by root
522 +
523 + # supported directives: host, port, ssl, ldap_version
524 + # uri, binddn, bindpw, sudoers_base, sudoers_debug
525 + # tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}
526 + EOF
527 +
528 + if use sasl ; then
529 + cat <<-EOF >> "${T}"/ldap.conf.sudo
530 +
531 + # SASL directives: use_sasl, sasl_mech, sasl_auth_id
532 + # sasl_secprops, rootuse_sasl, rootsasl_auth_id, krb5_ccname
533 + EOF
534 + fi
535 +
536 + insinto /etc
537 + doins "${T}"/ldap.conf.sudo
538 + fperms 0440 /etc/ldap.conf.sudo
539 +
540 + insinto /etc/openldap/schema
541 + newins doc/schema.OpenLDAP sudo.schema
542 + fi
543 +
544 + pamd_mimic system-auth sudo auth account session
545 + pamd_mimic system-auth sudo-i auth account session
546 +
547 + keepdir /var/db/sudo/lectured
548 + fperms 0700 /var/db/sudo/lectured
549 + fperms 0711 /var/db/sudo #652958
550 +
551 + # Don't install into /run as that is a tmpfs most of the time
552 + # (bug #504854)
553 + rm -rf "${ED}"/run || die
554 +
555 + find "${ED}" -type f -name "*.la" -delete || die #697812
556 +}
557 +
558 +pkg_postinst() {
559 + tmpfiles_process sudo.conf
560 +
561 + #652958
562 + local sudo_db="${EROOT}/var/db/sudo"
563 + if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then
564 + chmod 711 "${sudo_db}" || die
565 + fi
566 +
567 + if use ldap ; then
568 + ewarn
569 + ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."
570 + ewarn
571 + if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then
572 + ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
573 + ewarn "configured in /etc/nsswitch.conf."
574 + ewarn
575 + ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:"
576 + ewarn " sudoers: ldap files"
577 + ewarn
578 + fi
579 + fi
580 + if use prefix ; then
581 + ewarn
582 + ewarn "To use sudo, you need to change file ownership and permissions"
583 + ewarn "with root privileges, as follows:"
584 + ewarn
585 + ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo"
586 + ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"
587 + ewarn " # chown root:root ${EPREFIX}/etc/sudoers"
588 + ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d"
589 + ewarn " # chown root:root ${EPREFIX}/var/db/sudo"
590 + ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo"
591 + ewarn
592 + fi
593 +
594 + elog "To use the -A (askpass) option, you need to install a compatible"
595 + elog "password program from the following list. Starred packages will"
596 + elog "automatically register for the use with sudo (but will not force"
597 + elog "the -A option):"
598 + elog ""
599 + elog " [*] net-misc/ssh-askpass-fullscreen"
600 + elog " net-misc/x11-ssh-askpass"
601 + elog ""
602 + elog "You can override the choice by setting the SUDO_ASKPASS environmnent"
603 + elog "variable to the program you want to use."
604 +}
Report Message
Find on MARC Find on Google Groups