[gentoo-commits] repo/gentoo:master commit in: app-admin/sudo/ - gentoo-commits

From:	Lars Wendler <polynomial-c@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: app-admin/sudo/
Date:	Sun, 13 Jan 2019 01:10:48
Message-Id:	`1547341831.cf10b506c45d157d4b3396846dc1676f53ce270a.polynomial-c@gentoo`

1

commit:     cf10b506c45d157d4b3396846dc1676f53ce270a

2

Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>

3

AuthorDate: Sun Jan 13 01:07:39 2019 +0000

4

Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>

5

CommitDate: Sun Jan 13 01:10:31 2019 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cf10b506

7

8

app-admin/sudo: Bump to version 1.8.27

9

10

Package-Manager: Portage-2.3.55, Repoman-2.3.12

11

Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

12

13

 app-admin/sudo/Manifest           |   1 +

14

 app-admin/sudo/sudo-1.8.27.ebuild | 242 ++++++++++++++++++++++++++++++++++++++

15

 2 files changed, 243 insertions(+)

16

17

diff --git a/app-admin/sudo/Manifest b/app-admin/sudo/Manifest

18

index d4d05d03b50..16b53d45656 100644

19

--- a/app-admin/sudo/Manifest

20

+++ b/app-admin/sudo/Manifest

21

@@ -1,2 +1,3 @@

22

 DIST sudo-1.8.25p1.tar.gz 3189951 BLAKE2B ebfedaad62e60f625db8c46a5c8f19977a5ec0a86bab3b34d91096c08e8b8ece056ba312f9fecd4cdd704fc17d49a36681b41cd40269df7c67cd66d80c0d8efb SHA512 b1445be688d3c1dd7efbdfab68977a7a9b6fd6887191dc99ca717117eec0a550492642556cd55ca5873d054ddc5ccc2b87b2c34602e1ffc729ab6fbc4e523a72

23

 DIST sudo-1.8.26.tar.gz 3286368 BLAKE2B 8df947f3dfa32081020b8a19921ea5daf6f9250c1ae34aa29900e85e80669223f28573217cd7e0a28393c6f30aa2117347014aa0cb554f2b85632e335ae790be SHA512 f5596cdf753ffa54f651bb30126e690640125b2ee54e8022f3740bfbe2e5a23e1bee86ce52879e863b9386babbbcf33d3e2882c573995a7d4612e9eea14d8791

24

+DIST sudo-1.8.27.tar.gz 3293178 BLAKE2B 174d63ece5c24309dc0d237fadfc4131243aca333491ffa6dcdb3c44b53cb8149d3bf2f3aea2aa49529ea811d4727a11ac1909305e342b858a4c14f923f12956 SHA512 0480def650ab880ab9e6c51c606a06897fd638f0381e99c038f5aa47d064aaa2fb35b73eee7f86e73185e18d5dbb8b6ba49c616b1785a1edb2dd6d7b2fa4fcac

25

26

diff --git a/app-admin/sudo/sudo-1.8.27.ebuild b/app-admin/sudo/sudo-1.8.27.ebuild

27

new file mode 100644

28

index 00000000000..0cf20f0ea91

29

--- /dev/null

30

+++ b/app-admin/sudo/sudo-1.8.27.ebuild

31

@@ -0,0 +1,242 @@

32

+# Copyright 1999-2019 Gentoo Authors

33

+# Distributed under the terms of the GNU General Public License v2

34

+

35

+EAPI=6

36

+

37

+inherit eutils pam multilib libtool tmpfiles

38

+if [[ ${PV} == "9999" ]] ; then

39

+	EHG_REPO_URI="https://www.sudo.ws/repos/sudo"

40

+	inherit mercurial

41

+fi

42

+

43

+MY_P=${P/_/}

44

+MY_P=${MY_P/beta/b}

45

+

46

+uri_prefix=

47

+case ${P} in

48

+	*_beta*|*_rc*) uri_prefix=beta/ ;;

49

+esac

50

+

51

+DESCRIPTION="Allows users or groups to run commands as other users"

52

+HOMEPAGE="https://www.sudo.ws/"

53

+if [[ ${PV} != "9999" ]] ; then

54

+	SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz

55

+		ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"

56

+	if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then

57

+		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~sparc-solaris"

58

+	fi

59

+fi

60

+

61

+# Basic license is ISC-style as-is, some files are released under

62

+# 3-clause BSD license

63

+LICENSE="ISC BSD"

64

+SLOT="0"

65

+IUSE="gcrypt ldap nls offensive openssl pam sasl selinux +sendmail skey sssd"

66

+

67

+CDEPEND="

68

+	sys-libs/zlib:=

69

+	gcrypt? ( dev-libs/libgcrypt:= )

70

+	ldap? (

71

+		>=net-nds/openldap-2.1.30-r1

72

+		dev-libs/cyrus-sasl

73

+	)

74

+	openssl? ( dev-libs/openssl:0= )

75

+	pam? ( virtual/pam )

76

+	sasl? ( dev-libs/cyrus-sasl )

77

+	skey? ( >=sys-auth/skey-1.1.5-r1 )

78

+	sssd? ( sys-auth/sssd[sudo] )

79

+"

80

+RDEPEND="

81

+	${CDEPEND}

82

+	>=app-misc/editor-wrapper-3

83

+	virtual/editor

84

+	ldap? ( dev-lang/perl )

85

+	pam? ( sys-auth/pambase )

86

+	selinux? ( sec-policy/selinux-sudo )

87

+	sendmail? ( virtual/mta )

88

+"

89

+DEPEND="

90

+	${CDEPEND}

91

+	sys-devel/bison

92

+"

93

+

94

+S="${WORKDIR}/${MY_P}"

95

+

96

+REQUIRED_USE="

97

+	pam? ( !skey )

98

+	skey? ( !pam )

99

+	?? ( gcrypt openssl )

100

+"

101

+

102

+MAKEOPTS+=" SAMPLES="

103

+

104

+src_prepare() {

105

+	default

106

+	elibtoolize

107

+}

108

+

109

+set_secure_path() {

110

+	# FIXME: secure_path is a compile time setting. using PATH or

111

+	# ROOTPATH is not perfect, env-update may invalidate this, but until it

112

+	# is available as a sudoers setting this will have to do.

113

+	einfo "Setting secure_path ..."

114

+

115

+	# first extract the default ROOTPATH from build env

116

+	SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env;

117

+		echo "${ROOTPATH}")

118

+		case "${SECURE_PATH}" in

119

+			*/usr/sbin*) ;;

120

+			*) SECURE_PATH=$(unset PATH;

121

+				. "${EPREFIX}"/etc/profile.env; echo "${PATH}")

122

+				;;

123

+		esac

124

+	if [[ -z ${SECURE_PATH} ]] ; then

125

+		ewarn "	Failed to detect SECURE_PATH, please report this"

126

+	fi

127

+

128

+	# then remove duplicate path entries

129

+	cleanpath() {

130

+		local newpath thisp IFS=:

131

+		for thisp in $1 ; do

132

+			if [[ :${newpath}: != *:${thisp}:* ]] ; then

133

+				newpath+=:$thisp

134

+			else

135

+				einfo "   Duplicate entry ${thisp} removed..."

136

+			fi

137

+		done

138

+		SECURE_PATH=${newpath#:}

139

+	}

140

+	cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}}

141

+

142

+	# finally, strip gcc paths #136027

143

+	rmpath() {

144

+		local e newpath thisp IFS=:

145

+		for thisp in ${SECURE_PATH} ; do

146

+			for e ; do [[ $thisp == $e ]] && continue 2 ; done

147

+			newpath+=:$thisp

148

+		done

149

+		SECURE_PATH=${newpath#:}

150

+	}

151

+	rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'

152

+

153

+	einfo "... done"

154

+}

155

+

156

+src_configure() {

157

+	local SECURE_PATH

158

+	set_secure_path

159

+

160

+	# audit: somebody got to explain me how I can test this before I

161

+	# enable it.. - Diego

162

+	# plugindir: autoconf code is crappy and does not delay evaluation

163

+	# until `make` time, so we have to use a full path here rather than

164

+	# basing off other values.

165

+	myeconfargs=(

166

+		--enable-zlib=system

167

+		--enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d

168

+		--with-editor="${EPREFIX}"/usr/libexec/editor

169

+		--with-env-editor

170

+		--with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo

171

+		--with-rundir="${EPREFIX}"/run/sudo

172

+		--with-secure-path="${SECURE_PATH}"

173

+		--with-vardir="${EPREFIX}"/var/db/sudo

174

+		--without-linux-audit

175

+		--without-opie

176

+		$(use_enable gcrypt)

177

+		$(use_enable nls)

178

+		$(use_enable openssl)

179

+		$(use_enable sasl)

180

+		$(use_with offensive insults)

181

+		$(use_with offensive all-insults)

182

+		$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo)

183

+		$(use_with ldap)

184

+		$(use_with pam)

185

+		$(use_with skey)

186

+		$(use_with sssd)

187

+		$(use_with selinux)

188

+		$(use_with sendmail)

189

+	)

190

+	econf "${myeconfargs[@]}"

191

+}

192

+

193

+src_install() {

194

+	default

195

+

196

+	if use ldap ; then

197

+		dodoc README.LDAP

198

+

199

+		cat <<-EOF > "${T}"/ldap.conf.sudo

200

+		# See ldap.conf(5) and README.LDAP for details

201

+		# This file should only be readable by root

202

+

203

+		# supported directives: host, port, ssl, ldap_version

204

+		# uri, binddn, bindpw, sudoers_base, sudoers_debug

205

+		# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}

206

+		EOF

207

+

208

+		insinto /etc

209

+		doins "${T}"/ldap.conf.sudo

210

+		fperms 0440 /etc/ldap.conf.sudo

211

+

212

+		insinto /etc/openldap/schema

213

+		newins doc/schema.OpenLDAP sudo.schema

214

+	fi

215

+

216

+	pamd_mimic system-auth sudo auth account session

217

+

218

+	keepdir /var/db/sudo/lectured

219

+	fperms 0700 /var/db/sudo/lectured

220

+	fperms 0711 /var/db/sudo #652958

221

+

222

+	# Don't install into /run as that is a tmpfs most of the time

223

+	# (bug #504854)

224

+	rm -rf "${ED%/}"/run

225

+}

226

+

227

+pkg_postinst() {

228

+	tmpfiles_process sudo.conf

229

+

230

+	#652958

231

+	local sudo_db="${EROOT}/var/db/sudo"

232

+	if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then

233

+		chmod 711 "${sudo_db}" || die

234

+	fi

235

+

236

+	if use ldap ; then

237

+		ewarn

238

+		ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."

239

+		ewarn

240

+		if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then

241

+			ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"

242

+			ewarn "configured in /etc/nsswitch.conf."

243

+			ewarn

244

+			ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:"

245

+			ewarn "  sudoers: ldap files"

246

+			ewarn

247

+		fi

248

+	fi

249

+	if use prefix ; then

250

+		ewarn

251

+		ewarn "To use sudo, you need to change file ownership and permissions"

252

+		ewarn "with root privileges, as follows:"

253

+		ewarn

254

+		ewarn "  # chown root:root ${EPREFIX}/usr/bin/sudo"

255

+		ewarn "  # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"

256

+		ewarn "  # chown root:root ${EPREFIX}/etc/sudoers"

257

+		ewarn "  # chown root:root ${EPREFIX}/etc/sudoers.d"

258

+		ewarn "  # chown root:root ${EPREFIX}/var/db/sudo"

259

+		ewarn "  # chmod 4111 ${EPREFIX}/usr/bin/sudo"

260

+		ewarn

261

+	fi

262

+

263

+	elog "To use the -A (askpass) option, you need to install a compatible"

264

+	elog "password program from the following list. Starred packages will"

265

+	elog "automatically register for the use with sudo (but will not force"

266

+	elog "the -A option):"

267

+	elog ""

268

+	elog " [*] net-misc/ssh-askpass-fullscreen"

269

+	elog "     net-misc/x11-ssh-askpass"

270

+	elog ""

271

+	elog "You can override the choice by setting the SUDO_ASKPASS environmnent"

272

+	elog "variable to the program you want to use."

273

+}

1	commit: cf10b506c45d157d4b3396846dc1676f53ce270a
2	Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
3	AuthorDate: Sun Jan 13 01:07:39 2019 +0000
4	Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
5	CommitDate: Sun Jan 13 01:10:31 2019 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cf10b506
7
8	app-admin/sudo: Bump to version 1.8.27
9
10	Package-Manager: Portage-2.3.55, Repoman-2.3.12
11	Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
12
13	app-admin/sudo/Manifest \| 1 +
14	app-admin/sudo/sudo-1.8.27.ebuild \| 242 ++++++++++++++++++++++++++++++++++++++
15	2 files changed, 243 insertions(+)
16
17	diff --git a/app-admin/sudo/Manifest b/app-admin/sudo/Manifest
18	index d4d05d03b50..16b53d45656 100644
19	--- a/app-admin/sudo/Manifest
20	+++ b/app-admin/sudo/Manifest
21	@@ -1,2 +1,3 @@
22	DIST sudo-1.8.25p1.tar.gz 3189951 BLAKE2B ebfedaad62e60f625db8c46a5c8f19977a5ec0a86bab3b34d91096c08e8b8ece056ba312f9fecd4cdd704fc17d49a36681b41cd40269df7c67cd66d80c0d8efb SHA512 b1445be688d3c1dd7efbdfab68977a7a9b6fd6887191dc99ca717117eec0a550492642556cd55ca5873d054ddc5ccc2b87b2c34602e1ffc729ab6fbc4e523a72
23	DIST sudo-1.8.26.tar.gz 3286368 BLAKE2B 8df947f3dfa32081020b8a19921ea5daf6f9250c1ae34aa29900e85e80669223f28573217cd7e0a28393c6f30aa2117347014aa0cb554f2b85632e335ae790be SHA512 f5596cdf753ffa54f651bb30126e690640125b2ee54e8022f3740bfbe2e5a23e1bee86ce52879e863b9386babbbcf33d3e2882c573995a7d4612e9eea14d8791
24	+DIST sudo-1.8.27.tar.gz 3293178 BLAKE2B 174d63ece5c24309dc0d237fadfc4131243aca333491ffa6dcdb3c44b53cb8149d3bf2f3aea2aa49529ea811d4727a11ac1909305e342b858a4c14f923f12956 SHA512 0480def650ab880ab9e6c51c606a06897fd638f0381e99c038f5aa47d064aaa2fb35b73eee7f86e73185e18d5dbb8b6ba49c616b1785a1edb2dd6d7b2fa4fcac
25
26	diff --git a/app-admin/sudo/sudo-1.8.27.ebuild b/app-admin/sudo/sudo-1.8.27.ebuild
27	new file mode 100644
28	index 00000000000..0cf20f0ea91
29	--- /dev/null
30	+++ b/app-admin/sudo/sudo-1.8.27.ebuild
31	@@ -0,0 +1,242 @@
32	+# Copyright 1999-2019 Gentoo Authors
33	+# Distributed under the terms of the GNU General Public License v2
34	+
35	+EAPI=6
36	+
37	+inherit eutils pam multilib libtool tmpfiles
38	+if [[ ${PV} == "9999" ]] ; then
39	+ EHG_REPO_URI="https://www.sudo.ws/repos/sudo"
40	+ inherit mercurial
41	+fi
42	+
43	+MY_P=${P/_/}
44	+MY_P=${MY_P/beta/b}
45	+
46	+uri_prefix=
47	+case ${P} in
48	+ _beta\|_rc) uri_prefix=beta/ ;;
49	+esac
50	+
51	+DESCRIPTION="Allows users or groups to run commands as other users"
52	+HOMEPAGE="https://www.sudo.ws/"
53	+if [[ ${PV} != "9999" ]] ; then
54	+ SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
55	+ ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"
56	+ if [[ ${PV} != _beta ]] && [[ ${PV} != _rc ]] ; then
57	+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~sparc-solaris"
58	+ fi
59	+fi
60	+
61	+# Basic license is ISC-style as-is, some files are released under
62	+# 3-clause BSD license
63	+LICENSE="ISC BSD"
64	+SLOT="0"
65	+IUSE="gcrypt ldap nls offensive openssl pam sasl selinux +sendmail skey sssd"
66	+
67	+CDEPEND="
68	+ sys-libs/zlib:=
69	+ gcrypt? ( dev-libs/libgcrypt:= )
70	+ ldap? (
71	+ >=net-nds/openldap-2.1.30-r1
72	+ dev-libs/cyrus-sasl
73	+ )
74	+ openssl? ( dev-libs/openssl:0= )
75	+ pam? ( virtual/pam )
76	+ sasl? ( dev-libs/cyrus-sasl )
77	+ skey? ( >=sys-auth/skey-1.1.5-r1 )
78	+ sssd? ( sys-auth/sssd[sudo] )
79	+"
80	+RDEPEND="
81	+ ${CDEPEND}
82	+ >=app-misc/editor-wrapper-3
83	+ virtual/editor
84	+ ldap? ( dev-lang/perl )
85	+ pam? ( sys-auth/pambase )
86	+ selinux? ( sec-policy/selinux-sudo )
87	+ sendmail? ( virtual/mta )
88	+"
89	+DEPEND="
90	+ ${CDEPEND}
91	+ sys-devel/bison
92	+"
93	+
94	+S="${WORKDIR}/${MY_P}"
95	+
96	+REQUIRED_USE="
97	+ pam? ( !skey )
98	+ skey? ( !pam )
99	+ ?? ( gcrypt openssl )
100	+"
101	+
102	+MAKEOPTS+=" SAMPLES="
103	+
104	+src_prepare() {
105	+ default
106	+ elibtoolize
107	+}
108	+
109	+set_secure_path() {
110	+ # FIXME: secure_path is a compile time setting. using PATH or
111	+ # ROOTPATH is not perfect, env-update may invalidate this, but until it
112	+ # is available as a sudoers setting this will have to do.
113	+ einfo "Setting secure_path ..."
114	+
115	+ # first extract the default ROOTPATH from build env
116	+ SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env;
117	+ echo "${ROOTPATH}")
118	+ case "${SECURE_PATH}" in
119	+ /usr/sbin) ;;
120	+ *) SECURE_PATH=$(unset PATH;
121	+ . "${EPREFIX}"/etc/profile.env; echo "${PATH}")
122	+ ;;
123	+ esac
124	+ if [[ -z ${SECURE_PATH} ]] ; then
125	+ ewarn " Failed to detect SECURE_PATH, please report this"
126	+ fi
127	+
128	+ # then remove duplicate path entries
129	+ cleanpath() {
130	+ local newpath thisp IFS=:
131	+ for thisp in $1 ; do
132	+ if [[ :${newpath}: != :${thisp}: ]] ; then
133	+ newpath+=:$thisp
134	+ else
135	+ einfo " Duplicate entry ${thisp} removed..."
136	+ fi
137	+ done
138	+ SECURE_PATH=${newpath#:}
139	+ }
140	+ cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}}
141	+
142	+ # finally, strip gcc paths #136027
143	+ rmpath() {
144	+ local e newpath thisp IFS=:
145	+ for thisp in ${SECURE_PATH} ; do
146	+ for e ; do [[ $thisp == $e ]] && continue 2 ; done
147	+ newpath+=:$thisp
148	+ done
149	+ SECURE_PATH=${newpath#:}
150	+ }
151	+ rmpath '/gcc-bin/' '/gnat-gcc-bin/' '/gnat-gcc/'
152	+
153	+ einfo "... done"
154	+}
155	+
156	+src_configure() {
157	+ local SECURE_PATH
158	+ set_secure_path
159	+
160	+ # audit: somebody got to explain me how I can test this before I
161	+ # enable it.. - Diego
162	+ # plugindir: autoconf code is crappy and does not delay evaluation
163	+ # until `make` time, so we have to use a full path here rather than
164	+ # basing off other values.
165	+ myeconfargs=(
166	+ --enable-zlib=system
167	+ --enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d
168	+ --with-editor="${EPREFIX}"/usr/libexec/editor
169	+ --with-env-editor
170	+ --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo
171	+ --with-rundir="${EPREFIX}"/run/sudo
172	+ --with-secure-path="${SECURE_PATH}"
173	+ --with-vardir="${EPREFIX}"/var/db/sudo
174	+ --without-linux-audit
175	+ --without-opie
176	+ $(use_enable gcrypt)
177	+ $(use_enable nls)
178	+ $(use_enable openssl)
179	+ $(use_enable sasl)
180	+ $(use_with offensive insults)
181	+ $(use_with offensive all-insults)
182	+ $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo)
183	+ $(use_with ldap)
184	+ $(use_with pam)
185	+ $(use_with skey)
186	+ $(use_with sssd)
187	+ $(use_with selinux)
188	+ $(use_with sendmail)
189	+ )
190	+ econf "${myeconfargs[@]}"
191	+}
192	+
193	+src_install() {
194	+ default
195	+
196	+ if use ldap ; then
197	+ dodoc README.LDAP
198	+
199	+ cat <<-EOF > "${T}"/ldap.conf.sudo
200	+ # See ldap.conf(5) and README.LDAP for details
201	+ # This file should only be readable by root
202	+
203	+ # supported directives: host, port, ssl, ldap_version
204	+ # uri, binddn, bindpw, sudoers_base, sudoers_debug
205	+ # tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}
206	+ EOF
207	+
208	+ insinto /etc
209	+ doins "${T}"/ldap.conf.sudo
210	+ fperms 0440 /etc/ldap.conf.sudo
211	+
212	+ insinto /etc/openldap/schema
213	+ newins doc/schema.OpenLDAP sudo.schema
214	+ fi
215	+
216	+ pamd_mimic system-auth sudo auth account session
217	+
218	+ keepdir /var/db/sudo/lectured
219	+ fperms 0700 /var/db/sudo/lectured
220	+ fperms 0711 /var/db/sudo #652958
221	+
222	+ # Don't install into /run as that is a tmpfs most of the time
223	+ # (bug #504854)
224	+ rm -rf "${ED%/}"/run
225	+}
226	+
227	+pkg_postinst() {
228	+ tmpfiles_process sudo.conf
229	+
230	+ #652958
231	+ local sudo_db="${EROOT}/var/db/sudo"
232	+ if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then
233	+ chmod 711 "${sudo_db}" \|\| die
234	+ fi
235	+
236	+ if use ldap ; then
237	+ ewarn
238	+ ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."
239	+ ewarn
240	+ if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then
241	+ ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
242	+ ewarn "configured in /etc/nsswitch.conf."
243	+ ewarn
244	+ ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:"
245	+ ewarn " sudoers: ldap files"
246	+ ewarn
247	+ fi
248	+ fi
249	+ if use prefix ; then
250	+ ewarn
251	+ ewarn "To use sudo, you need to change file ownership and permissions"
252	+ ewarn "with root privileges, as follows:"
253	+ ewarn
254	+ ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo"
255	+ ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"
256	+ ewarn " # chown root:root ${EPREFIX}/etc/sudoers"
257	+ ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d"
258	+ ewarn " # chown root:root ${EPREFIX}/var/db/sudo"
259	+ ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo"
260	+ ewarn
261	+ fi
262	+
263	+ elog "To use the -A (askpass) option, you need to install a compatible"
264	+ elog "password program from the following list. Starred packages will"
265	+ elog "automatically register for the use with sudo (but will not force"
266	+ elog "the -A option):"
267	+ elog ""
268	+ elog " [*] net-misc/ssh-askpass-fullscreen"
269	+ elog " net-misc/x11-ssh-askpass"
270	+ elog ""
271	+ elog "You can override the choice by setting the SUDO_ASKPASS environmnent"
272	+ elog "variable to the program you want to use."
273	+}

Gentoo Archives: gentoo-commits