Gentoo Archives: gentoo-commits

From: Lars Wendler <polynomial-c@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-admin/sudo/
Date: Tue, 04 Sep 2018 06:43:07
Message-Id: 1536043312.be4400f93587b971ebcd01d910bbb4fea883164d.polynomial-c@gentoo
1 commit: be4400f93587b971ebcd01d910bbb4fea883164d
2 Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
3 AuthorDate: Tue Sep 4 06:41:52 2018 +0000
4 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
5 CommitDate: Tue Sep 4 06:41:52 2018 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be4400f9
7
8 app-admin/sudo: Bump to version 1.8.25
9
10 Package-Manager: Portage-2.3.49, Repoman-2.3.10
11
12 app-admin/sudo/Manifest | 1 +
13 app-admin/sudo/sudo-1.8.25.ebuild | 240 ++++++++++++++++++++++++++++++++++++++
14 2 files changed, 241 insertions(+)
15
16 diff --git a/app-admin/sudo/Manifest b/app-admin/sudo/Manifest
17 index 1a15ddba2f3..3bd05ad2d17 100644
18 --- a/app-admin/sudo/Manifest
19 +++ b/app-admin/sudo/Manifest
20 @@ -1,3 +1,4 @@
21 DIST sudo-1.8.22.tar.gz 3029051 BLAKE2B c77e05b6e9cee738902d6289327fb5d34d19833d96597f983d8af01434d224dd698f9257b0965a0e480e8d19eb38eef0c8216942ca5217c3fe7516cdf397f7b7 SHA512 5ce10a9302d25bb726e347499d26a0b3697446cfcdf0fd9094ee35198db7b023d5250a53fdcb4184d1a09f5fd2a78fc645bc8e80f265666b05a91f62f49b0695
22 DIST sudo-1.8.23.tar.gz 3150674 BLAKE2B 11b1c7bfa372005cda8baf651c4662f6fd15e94ca77f7705b23ca6573424796d5c1f8e47e2874c4b54017141d01a632885ac60c92346d932537048373cad0ede SHA512 a9d61850a4857bfd075547a13efb13b054e4736e3ebe3c8a98a90a090b1d9b9688354ec9725fc99d1d256999b6f9c6ae6215ce9770fcdebd7f24731107b48342
23 DIST sudo-1.8.24.tar.gz 3175719 BLAKE2B 61fc469e2d8146b8bb59709192dc33828f0065d4dcf9625e72ae1da9a2c1d6925a0201e5999e146e2e15f5a103ad5690a88fcabb75f57e76b779fe07de53b459 SHA512 ec6295a456a300e81ea2356080d51a57e3eb5d8070d8aab228cece0100ef54954f6c3dd458316b0c2da6839c0d8dab7cdc1a360aceb2594641e064465ecb1ee8
24 +DIST sudo-1.8.25.tar.gz 3189660 BLAKE2B 9eeab3ac4ea67a866071750a8cf19e0753ef1b59187f715c69547bbae8ee0039bf15116ef30ed5dc6fc11b17beeff174e08756b2d701e0f2668a05f2e318f623 SHA512 f3f0c9e315484e5ba2d535f41ab722881343b1fa299f75cfad456bd41a555d80080369677e62626307df792aeabc29ba450e6f0b9c284ea2cfb8dc5e3568f46d
25
26 diff --git a/app-admin/sudo/sudo-1.8.25.ebuild b/app-admin/sudo/sudo-1.8.25.ebuild
27 new file mode 100644
28 index 00000000000..f4ab4527b4f
29 --- /dev/null
30 +++ b/app-admin/sudo/sudo-1.8.25.ebuild
31 @@ -0,0 +1,240 @@
32 +# Copyright 1999-2018 Gentoo Foundation
33 +# Distributed under the terms of the GNU General Public License v2
34 +
35 +EAPI=6
36 +
37 +inherit eutils pam multilib libtool tmpfiles
38 +if [[ ${PV} == "9999" ]] ; then
39 + EHG_REPO_URI="https://www.sudo.ws/repos/sudo"
40 + inherit mercurial
41 +fi
42 +
43 +MY_P=${P/_/}
44 +MY_P=${MY_P/beta/b}
45 +
46 +uri_prefix=
47 +case ${P} in
48 + *_beta*|*_rc*) uri_prefix=beta/ ;;
49 +esac
50 +
51 +DESCRIPTION="Allows users or groups to run commands as other users"
52 +HOMEPAGE="https://www.sudo.ws/"
53 +if [[ ${PV} != "9999" ]] ; then
54 + SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
55 + ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"
56 + if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then
57 + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~sparc-solaris"
58 + fi
59 +fi
60 +
61 +# Basic license is ISC-style as-is, some files are released under
62 +# 3-clause BSD license
63 +LICENSE="ISC BSD"
64 +SLOT="0"
65 +IUSE="gcrypt ldap nls offensive openssl pam sasl selinux +sendmail skey"
66 +
67 +CDEPEND="
68 + sys-libs/zlib:=
69 + gcrypt? ( dev-libs/libgcrypt:= )
70 + ldap? (
71 + >=net-nds/openldap-2.1.30-r1
72 + dev-libs/cyrus-sasl
73 + )
74 + openssl? ( dev-libs/openssl:0= )
75 + pam? ( virtual/pam )
76 + sasl? ( dev-libs/cyrus-sasl )
77 + skey? ( >=sys-auth/skey-1.1.5-r1 )
78 +"
79 +RDEPEND="
80 + ${CDEPEND}
81 + >=app-misc/editor-wrapper-3
82 + virtual/editor
83 + ldap? ( dev-lang/perl )
84 + pam? ( sys-auth/pambase )
85 + selinux? ( sec-policy/selinux-sudo )
86 + sendmail? ( virtual/mta )
87 +"
88 +DEPEND="
89 + ${CDEPEND}
90 + sys-devel/bison
91 +"
92 +
93 +S="${WORKDIR}/${MY_P}"
94 +
95 +REQUIRED_USE="
96 + pam? ( !skey )
97 + skey? ( !pam )
98 + ?? ( gcrypt openssl )
99 +"
100 +
101 +MAKEOPTS+=" SAMPLES="
102 +
103 +src_prepare() {
104 + default
105 + elibtoolize
106 +}
107 +
108 +set_secure_path() {
109 + # FIXME: secure_path is a compile time setting. using PATH or
110 + # ROOTPATH is not perfect, env-update may invalidate this, but until it
111 + # is available as a sudoers setting this will have to do.
112 + einfo "Setting secure_path ..."
113 +
114 + # first extract the default ROOTPATH from build env
115 + SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env;
116 + echo "${ROOTPATH}")
117 + case "${SECURE_PATH}" in
118 + */usr/sbin*) ;;
119 + *) SECURE_PATH=$(unset PATH;
120 + . "${EPREFIX}"/etc/profile.env; echo "${PATH}")
121 + ;;
122 + esac
123 + if [[ -z ${SECURE_PATH} ]] ; then
124 + ewarn " Failed to detect SECURE_PATH, please report this"
125 + fi
126 +
127 + # then remove duplicate path entries
128 + cleanpath() {
129 + local newpath thisp IFS=:
130 + for thisp in $1 ; do
131 + if [[ :${newpath}: != *:${thisp}:* ]] ; then
132 + newpath+=:$thisp
133 + else
134 + einfo " Duplicate entry ${thisp} removed..."
135 + fi
136 + done
137 + SECURE_PATH=${newpath#:}
138 + }
139 + cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}}
140 +
141 + # finally, strip gcc paths #136027
142 + rmpath() {
143 + local e newpath thisp IFS=:
144 + for thisp in ${SECURE_PATH} ; do
145 + for e ; do [[ $thisp == $e ]] && continue 2 ; done
146 + newpath+=:$thisp
147 + done
148 + SECURE_PATH=${newpath#:}
149 + }
150 + rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'
151 +
152 + einfo "... done"
153 +}
154 +
155 +src_configure() {
156 + local SECURE_PATH
157 + set_secure_path
158 +
159 + # audit: somebody got to explain me how I can test this before I
160 + # enable it.. - Diego
161 + # plugindir: autoconf code is crappy and does not delay evaluation
162 + # until `make` time, so we have to use a full path here rather than
163 + # basing off other values.
164 + myeconfargs=(
165 + --enable-zlib=system
166 + --enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d
167 + --with-editor="${EPREFIX}"/usr/libexec/editor
168 + --with-env-editor
169 + --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo
170 + --with-rundir="${EPREFIX}"/run/sudo
171 + --with-secure-path="${SECURE_PATH}"
172 + --with-vardir="${EPREFIX}"/var/db/sudo
173 + --without-linux-audit
174 + --without-opie
175 + $(use_enable gcrypt)
176 + $(use_enable nls)
177 + $(use_enable openssl)
178 + $(use_enable sasl)
179 + $(use_with offensive insults)
180 + $(use_with offensive all-insults)
181 + $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo)
182 + $(use_with ldap)
183 + $(use_with pam)
184 + $(use_with skey)
185 + $(use_with selinux)
186 + $(use_with sendmail)
187 + )
188 + econf "${myeconfargs[@]}"
189 +}
190 +
191 +src_install() {
192 + default
193 +
194 + if use ldap ; then
195 + dodoc README.LDAP
196 +
197 + cat <<-EOF > "${T}"/ldap.conf.sudo
198 + # See ldap.conf(5) and README.LDAP for details
199 + # This file should only be readable by root
200 +
201 + # supported directives: host, port, ssl, ldap_version
202 + # uri, binddn, bindpw, sudoers_base, sudoers_debug
203 + # tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}
204 + EOF
205 +
206 + insinto /etc
207 + doins "${T}"/ldap.conf.sudo
208 + fperms 0440 /etc/ldap.conf.sudo
209 +
210 + insinto /etc/openldap/schema
211 + newins doc/schema.OpenLDAP sudo.schema
212 + fi
213 +
214 + pamd_mimic system-auth sudo auth account session
215 +
216 + keepdir /var/db/sudo/lectured
217 + fperms 0700 /var/db/sudo/lectured
218 + fperms 0711 /var/db/sudo #652958
219 +
220 + # Don't install into /run as that is a tmpfs most of the time
221 + # (bug #504854)
222 + rm -rf "${ED%/}"/run
223 +}
224 +
225 +pkg_postinst() {
226 + tmpfiles_process sudo.conf
227 +
228 + #652958
229 + local sudo_db="${EROOT}/var/db/sudo"
230 + if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then
231 + chmod 711 "${sudo_db}" || die
232 + fi
233 +
234 + if use ldap ; then
235 + ewarn
236 + ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."
237 + ewarn
238 + if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then
239 + ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
240 + ewarn "configured in /etc/nsswitch.conf."
241 + ewarn
242 + ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:"
243 + ewarn " sudoers: ldap files"
244 + ewarn
245 + fi
246 + fi
247 + if use prefix ; then
248 + ewarn
249 + ewarn "To use sudo, you need to change file ownership and permissions"
250 + ewarn "with root privileges, as follows:"
251 + ewarn
252 + ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo"
253 + ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"
254 + ewarn " # chown root:root ${EPREFIX}/etc/sudoers"
255 + ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d"
256 + ewarn " # chown root:root ${EPREFIX}/var/db/sudo"
257 + ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo"
258 + ewarn
259 + fi
260 +
261 + elog "To use the -A (askpass) option, you need to install a compatible"
262 + elog "password program from the following list. Starred packages will"
263 + elog "automatically register for the use with sudo (but will not force"
264 + elog "the -A option):"
265 + elog ""
266 + elog " [*] net-misc/ssh-askpass-fullscreen"
267 + elog " net-misc/x11-ssh-askpass"
268 + elog ""
269 + elog "You can override the choice by setting the SUDO_ASKPASS environmnent"
270 + elog "variable to the program you want to use."
271 +}
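Review bot: In set_secure_path, cleanpath appends every component read from the build host's profile.env (ROOTPATH, else PATH) without checking that it is an absolute directory. If a relative entry such as `.` is present there, it would be compiled into sudo's secure_path through `--with-secure-path`. A guard at the top of the loop, `[[ ${thisp} == /* ]] || { ewarn " Non-absolute entry ${thisp} dropped"; continue; }`, would keep only absolute paths. The value is fixed at build time, so a package built on one host and installed on another presumably carries the build host's path; the existing FIXME comment could say so. Separately, in pkg_postinst the hint to add `sudoers: ldap files` is printed when grep already finds a `sudoers:` line in nsswitch.conf, so the test looks inverted and probably wants `if ! grep -qs ...`.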