1 |
commit: 03d06c7ba9388d0eb030e711f7b350419f2c6b85 |
2 |
Author: Stefan Strogin <stefan.strogin <AT> gmail <DOT> com> |
3 |
AuthorDate: Sun Mar 3 02:35:00 2019 +0000 |
4 |
Commit: Stefan Strogin <stefan.strogin <AT> gmail <DOT> com> |
5 |
CommitDate: Sun Mar 3 02:35:00 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=03d06c7b |
7 |
|
8 |
app-admin/sudo: drop; fixed in gentoo.git |
9 |
|
10 |
Bug: https://bugs.gentoo.org/678888 |
11 |
Package-Manager: Portage-2.3.62, Repoman-2.3.12 |
12 |
Signed-off-by: Stefan Strogin <stefan.strogin <AT> gmail.com> |
13 |
|
14 |
app-admin/sudo/Manifest | 2 - |
15 |
app-admin/sudo/metadata.xml | 24 ---- |
16 |
app-admin/sudo/sudo-1.8.23-r1.ebuild | 234 ------------------------------ |
17 |
app-admin/sudo/sudo-1.8.23.ebuild | 227 ----------------------------- |
18 |
app-admin/sudo/sudo-1.8.25_p1-r1.ebuild | 245 -------------------------------- |
19 |
5 files changed, 732 deletions(-) |
20 |
|
21 |
diff --git a/app-admin/sudo/Manifest b/app-admin/sudo/Manifest |
22 |
deleted file mode 100644 |
23 |
index 6843d0a..0000000 |
24 |
--- a/app-admin/sudo/Manifest |
25 |
+++ /dev/null |
26 |
@@ -1,2 +0,0 @@ |
27 |
-DIST sudo-1.8.23.tar.gz 3150674 BLAKE2B 11b1c7bfa372005cda8baf651c4662f6fd15e94ca77f7705b23ca6573424796d5c1f8e47e2874c4b54017141d01a632885ac60c92346d932537048373cad0ede SHA512 a9d61850a4857bfd075547a13efb13b054e4736e3ebe3c8a98a90a090b1d9b9688354ec9725fc99d1d256999b6f9c6ae6215ce9770fcdebd7f24731107b48342 |
28 |
-DIST sudo-1.8.25p1.tar.gz 3189951 BLAKE2B ebfedaad62e60f625db8c46a5c8f19977a5ec0a86bab3b34d91096c08e8b8ece056ba312f9fecd4cdd704fc17d49a36681b41cd40269df7c67cd66d80c0d8efb SHA512 b1445be688d3c1dd7efbdfab68977a7a9b6fd6887191dc99ca717117eec0a550492642556cd55ca5873d054ddc5ccc2b87b2c34602e1ffc729ab6fbc4e523a72 |
29 |
|
30 |
diff --git a/app-admin/sudo/metadata.xml b/app-admin/sudo/metadata.xml |
31 |
deleted file mode 100644 |
32 |
index 66a7847..0000000 |
33 |
--- a/app-admin/sudo/metadata.xml |
34 |
+++ /dev/null |
35 |
@@ -1,24 +0,0 @@ |
36 |
-<?xml version="1.0" encoding="UTF-8"?> |
37 |
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> |
38 |
-<pkgmetadata> |
39 |
- <maintainer type="project"> |
40 |
- <email>base-system@g.o</email> |
41 |
- <name>Gentoo Base System</name> |
42 |
- </maintainer> |
43 |
- <longdescription lang="en"> |
44 |
- Sudo (superuser do) allows a system administrator to give certain |
45 |
- users (or groups of users) the ability to run some (or all) |
46 |
- commands as root or another user while logging the commands and |
47 |
- arguments. |
48 |
- </longdescription> |
49 |
- <use> |
50 |
- <flag name="gcrypt">Use SHA2 from <pkg>dev-libs/libgcrypt</pkg> instead of sudo's internal SHA2</flag> |
51 |
- <flag name="offensive">Let sudo print insults when the user types the wrong password</flag> |
52 |
- <flag name="openssl">Use SHA2 from <pkg>dev-libs/openssl</pkg> instead of sudo's internal SHA2</flag> |
53 |
- <flag name="sendmail">Allow sudo to send emails with sendmail</flag> |
54 |
- <flag name="sssd">Add System Security Services Daemon support</flag> |
55 |
- </use> |
56 |
- <upstream> |
57 |
- <remote-id type="cpe">cpe:/a:todd_miller:sudo</remote-id> |
58 |
- </upstream> |
59 |
-</pkgmetadata> |
60 |
|
61 |
diff --git a/app-admin/sudo/sudo-1.8.23-r1.ebuild b/app-admin/sudo/sudo-1.8.23-r1.ebuild |
62 |
deleted file mode 100644 |
63 |
index 9aaaa42..0000000 |
64 |
--- a/app-admin/sudo/sudo-1.8.23-r1.ebuild |
65 |
+++ /dev/null |
66 |
@@ -1,234 +0,0 @@ |
67 |
-# Copyright 1999-2018 Gentoo Foundation |
68 |
-# Distributed under the terms of the GNU General Public License v2 |
69 |
- |
70 |
-EAPI=6 |
71 |
- |
72 |
-inherit eutils pam multilib libtool |
73 |
- |
74 |
-MY_P=${P/_/} |
75 |
-MY_P=${MY_P/beta/b} |
76 |
- |
77 |
-uri_prefix= |
78 |
-case ${P} in |
79 |
- *_beta*|*_rc*) uri_prefix=beta/ ;; |
80 |
-esac |
81 |
- |
82 |
-DESCRIPTION="Allows users or groups to run commands as other users" |
83 |
-HOMEPAGE="https://www.sudo.ws/" |
84 |
-SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz |
85 |
- ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz" |
86 |
- |
87 |
-# Basic license is ISC-style as-is, some files are released under |
88 |
-# 3-clause BSD license |
89 |
-LICENSE="ISC BSD" |
90 |
-SLOT="0" |
91 |
-if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then |
92 |
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~sparc-solaris" |
93 |
-fi |
94 |
-IUSE="gcrypt ldap libressl nls pam offensive openssl sasl selinux +sendmail skey" |
95 |
- |
96 |
-CDEPEND=" |
97 |
- gcrypt? ( dev-libs/libgcrypt:= ) |
98 |
- openssl? ( |
99 |
- !libressl? ( dev-libs/openssl:0= ) |
100 |
- libressl? ( dev-libs/libressl:0= ) |
101 |
- ) |
102 |
- pam? ( virtual/pam ) |
103 |
- sasl? ( dev-libs/cyrus-sasl ) |
104 |
- skey? ( >=sys-auth/skey-1.1.5-r1 ) |
105 |
- ldap? ( |
106 |
- >=net-nds/openldap-2.1.30-r1 |
107 |
- dev-libs/cyrus-sasl |
108 |
- ) |
109 |
- sys-libs/zlib |
110 |
-" |
111 |
-RDEPEND=" |
112 |
- ${CDEPEND} |
113 |
- selinux? ( sec-policy/selinux-sudo ) |
114 |
- ldap? ( dev-lang/perl ) |
115 |
- pam? ( sys-auth/pambase ) |
116 |
- >=app-misc/editor-wrapper-3 |
117 |
- virtual/editor |
118 |
- sendmail? ( virtual/mta ) |
119 |
-" |
120 |
-DEPEND=" |
121 |
- ${CDEPEND} |
122 |
- sys-devel/bison |
123 |
-" |
124 |
- |
125 |
-S="${WORKDIR}/${MY_P}" |
126 |
- |
127 |
-REQUIRED_USE=" |
128 |
- pam? ( !skey ) |
129 |
- skey? ( !pam ) |
130 |
- ?? ( gcrypt openssl ) |
131 |
-" |
132 |
- |
133 |
-MAKEOPTS+=" SAMPLES=" |
134 |
- |
135 |
-src_prepare() { |
136 |
- default |
137 |
- elibtoolize |
138 |
-} |
139 |
- |
140 |
-set_secure_path() { |
141 |
- # FIXME: secure_path is a compile time setting. using PATH or |
142 |
- # ROOTPATH is not perfect, env-update may invalidate this, but until it |
143 |
- # is available as a sudoers setting this will have to do. |
144 |
- einfo "Setting secure_path ..." |
145 |
- |
146 |
- # first extract the default ROOTPATH from build env |
147 |
- SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; |
148 |
- echo "${ROOTPATH}") |
149 |
- case "${SECURE_PATH}" in |
150 |
- */usr/sbin*) ;; |
151 |
- *) SECURE_PATH=$(unset PATH; |
152 |
- . "${EPREFIX}"/etc/profile.env; echo "${PATH}") |
153 |
- ;; |
154 |
- esac |
155 |
- if [[ -z ${SECURE_PATH} ]] ; then |
156 |
- ewarn " Failed to detect SECURE_PATH, please report this" |
157 |
- fi |
158 |
- |
159 |
- # then remove duplicate path entries |
160 |
- cleanpath() { |
161 |
- local newpath thisp IFS=: |
162 |
- for thisp in $1 ; do |
163 |
- if [[ :${newpath}: != *:${thisp}:* ]] ; then |
164 |
- newpath+=:$thisp |
165 |
- else |
166 |
- einfo " Duplicate entry ${thisp} removed..." |
167 |
- fi |
168 |
- done |
169 |
- SECURE_PATH=${newpath#:} |
170 |
- } |
171 |
- cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}} |
172 |
- |
173 |
- # finally, strip gcc paths #136027 |
174 |
- rmpath() { |
175 |
- local e newpath thisp IFS=: |
176 |
- for thisp in ${SECURE_PATH} ; do |
177 |
- for e ; do [[ $thisp == $e ]] && continue 2 ; done |
178 |
- newpath+=:$thisp |
179 |
- done |
180 |
- SECURE_PATH=${newpath#:} |
181 |
- } |
182 |
- rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*' |
183 |
- |
184 |
- einfo "... done" |
185 |
-} |
186 |
- |
187 |
-src_configure() { |
188 |
- local SECURE_PATH |
189 |
- set_secure_path |
190 |
- |
191 |
- # audit: somebody got to explain me how I can test this before I |
192 |
- # enable it.. - Diego |
193 |
- # plugindir: autoconf code is crappy and does not delay evaluation |
194 |
- # until `make` time, so we have to use a full path here rather than |
195 |
- # basing off other values. |
196 |
- myeconfargs=( |
197 |
- --enable-zlib=system |
198 |
- --with-editor="${EPREFIX}"/usr/libexec/editor |
199 |
- --with-env-editor |
200 |
- --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo |
201 |
- --with-rundir="${EPREFIX}"/var/run/sudo |
202 |
- --with-secure-path="${SECURE_PATH}" |
203 |
- --with-vardir="${EPREFIX}"/var/db/sudo |
204 |
- --without-linux-audit |
205 |
- --without-opie |
206 |
- $(use_enable gcrypt) |
207 |
- $(use_enable nls) |
208 |
- $(use_enable openssl) |
209 |
- $(use_enable sasl) |
210 |
- $(use_with offensive insults) |
211 |
- $(use_with offensive all-insults) |
212 |
- $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) |
213 |
- $(use_with ldap) |
214 |
- $(use_with pam) |
215 |
- $(use_with skey) |
216 |
- $(use_with selinux) |
217 |
- $(use_with sendmail) |
218 |
- ) |
219 |
- econf "${myeconfargs[@]}" |
220 |
-} |
221 |
- |
222 |
-src_install() { |
223 |
- default |
224 |
- |
225 |
- if use ldap ; then |
226 |
- dodoc README.LDAP |
227 |
- |
228 |
- cat <<-EOF > "${T}"/ldap.conf.sudo |
229 |
- # See ldap.conf(5) and README.LDAP for details |
230 |
- # This file should only be readable by root |
231 |
- |
232 |
- # supported directives: host, port, ssl, ldap_version |
233 |
- # uri, binddn, bindpw, sudoers_base, sudoers_debug |
234 |
- # tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key} |
235 |
- EOF |
236 |
- |
237 |
- insinto /etc |
238 |
- doins "${T}"/ldap.conf.sudo |
239 |
- fperms 0440 /etc/ldap.conf.sudo |
240 |
- |
241 |
- insinto /etc/openldap/schema |
242 |
- newins doc/schema.OpenLDAP sudo.schema |
243 |
- fi |
244 |
- |
245 |
- pamd_mimic system-auth sudo auth account session |
246 |
- |
247 |
- keepdir /var/db/sudo/lectured |
248 |
- fperms 0700 /var/db/sudo/lectured |
249 |
- fperms 0711 /var/db/sudo #652958 |
250 |
- |
251 |
- # Don't install into /var/run as that is a tmpfs most of the time |
252 |
- # (bug #504854) |
253 |
- rm -rf "${ED}"/var/run |
254 |
-} |
255 |
- |
256 |
-pkg_postinst() { |
257 |
- #652958 |
258 |
- local sudo_db="${EROOT}/var/db/sudo" |
259 |
- if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then |
260 |
- chmod 711 "${sudo_db}" || die |
261 |
- fi |
262 |
- |
263 |
- if use ldap ; then |
264 |
- ewarn |
265 |
- ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration." |
266 |
- ewarn |
267 |
- if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then |
268 |
- ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly" |
269 |
- ewarn "configured in /etc/nsswitch.conf." |
270 |
- ewarn |
271 |
- ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:" |
272 |
- ewarn " sudoers: ldap files" |
273 |
- ewarn |
274 |
- fi |
275 |
- fi |
276 |
- if use prefix ; then |
277 |
- ewarn |
278 |
- ewarn "To use sudo, you need to change file ownership and permissions" |
279 |
- ewarn "with root privileges, as follows:" |
280 |
- ewarn |
281 |
- ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo" |
282 |
- ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so" |
283 |
- ewarn " # chown root:root ${EPREFIX}/etc/sudoers" |
284 |
- ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d" |
285 |
- ewarn " # chown root:root ${EPREFIX}/var/db/sudo" |
286 |
- ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo" |
287 |
- ewarn |
288 |
- fi |
289 |
- |
290 |
- elog "To use the -A (askpass) option, you need to install a compatible" |
291 |
- elog "password program from the following list. Starred packages will" |
292 |
- elog "automatically register for the use with sudo (but will not force" |
293 |
- elog "the -A option):" |
294 |
- elog "" |
295 |
- elog " [*] net-misc/ssh-askpass-fullscreen" |
296 |
- elog " net-misc/x11-ssh-askpass" |
297 |
- elog "" |
298 |
- elog "You can override the choice by setting the SUDO_ASKPASS environmnent" |
299 |
- elog "variable to the program you want to use." |
300 |
-} |
301 |
|
302 |
diff --git a/app-admin/sudo/sudo-1.8.23.ebuild b/app-admin/sudo/sudo-1.8.23.ebuild |
303 |
deleted file mode 100644 |
304 |
index 02ef83a..0000000 |
305 |
--- a/app-admin/sudo/sudo-1.8.23.ebuild |
306 |
+++ /dev/null |
307 |
@@ -1,227 +0,0 @@ |
308 |
-# Copyright 1999-2018 Gentoo Foundation |
309 |
-# Distributed under the terms of the GNU General Public License v2 |
310 |
- |
311 |
-EAPI=6 |
312 |
- |
313 |
-inherit eutils pam multilib libtool |
314 |
- |
315 |
-MY_P=${P/_/} |
316 |
-MY_P=${MY_P/beta/b} |
317 |
- |
318 |
-uri_prefix= |
319 |
-case ${P} in |
320 |
- *_beta*|*_rc*) uri_prefix=beta/ ;; |
321 |
-esac |
322 |
- |
323 |
-DESCRIPTION="Allows users or groups to run commands as other users" |
324 |
-HOMEPAGE="https://www.sudo.ws/" |
325 |
-SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz |
326 |
- ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz" |
327 |
- |
328 |
-# Basic license is ISC-style as-is, some files are released under |
329 |
-# 3-clause BSD license |
330 |
-LICENSE="ISC BSD" |
331 |
-SLOT="0" |
332 |
-if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then |
333 |
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~sparc-solaris" |
334 |
-fi |
335 |
-IUSE="gcrypt ldap libressl nls pam offensive openssl sasl selinux +sendmail skey" |
336 |
- |
337 |
-CDEPEND=" |
338 |
- gcrypt? ( dev-libs/libgcrypt:= ) |
339 |
- openssl? ( |
340 |
- !libressl? ( dev-libs/openssl:0= ) |
341 |
- libressl? ( dev-libs/libressl:0= ) |
342 |
- ) |
343 |
- pam? ( virtual/pam ) |
344 |
- sasl? ( dev-libs/cyrus-sasl ) |
345 |
- skey? ( >=sys-auth/skey-1.1.5-r1 ) |
346 |
- ldap? ( |
347 |
- >=net-nds/openldap-2.1.30-r1 |
348 |
- dev-libs/cyrus-sasl |
349 |
- ) |
350 |
- sys-libs/zlib |
351 |
-" |
352 |
-RDEPEND=" |
353 |
- ${CDEPEND} |
354 |
- selinux? ( sec-policy/selinux-sudo ) |
355 |
- ldap? ( dev-lang/perl ) |
356 |
- pam? ( sys-auth/pambase ) |
357 |
- >=app-misc/editor-wrapper-3 |
358 |
- virtual/editor |
359 |
- sendmail? ( virtual/mta ) |
360 |
-" |
361 |
-DEPEND=" |
362 |
- ${CDEPEND} |
363 |
- sys-devel/bison |
364 |
-" |
365 |
- |
366 |
-S="${WORKDIR}/${MY_P}" |
367 |
- |
368 |
-REQUIRED_USE=" |
369 |
- pam? ( !skey ) |
370 |
- skey? ( !pam ) |
371 |
- ?? ( gcrypt openssl ) |
372 |
-" |
373 |
- |
374 |
-MAKEOPTS+=" SAMPLES=" |
375 |
- |
376 |
-src_prepare() { |
377 |
- default |
378 |
- elibtoolize |
379 |
-} |
380 |
- |
381 |
-set_rootpath() { |
382 |
- # FIXME: secure_path is a compile time setting. using ROOTPATH |
383 |
- # is not perfect, env-update may invalidate this, but until it |
384 |
- # is available as a sudoers setting this will have to do. |
385 |
- einfo "Setting secure_path ..." |
386 |
- |
387 |
- # first extract the default ROOTPATH from build env |
388 |
- ROOTPATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; echo "${ROOTPATH}") |
389 |
- if [[ -z ${ROOTPATH} ]] ; then |
390 |
- ewarn " Failed to find ROOTPATH, please report this" |
391 |
- fi |
392 |
- |
393 |
- # then remove duplicate path entries |
394 |
- cleanpath() { |
395 |
- local newpath thisp IFS=: |
396 |
- for thisp in $1 ; do |
397 |
- if [[ :${newpath}: != *:${thisp}:* ]] ; then |
398 |
- newpath+=:$thisp |
399 |
- else |
400 |
- einfo " Duplicate entry ${thisp} removed..." |
401 |
- fi |
402 |
- done |
403 |
- ROOTPATH=${newpath#:} |
404 |
- } |
405 |
- cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}} |
406 |
- |
407 |
- # finally, strip gcc paths #136027 |
408 |
- rmpath() { |
409 |
- local e newpath thisp IFS=: |
410 |
- for thisp in ${ROOTPATH} ; do |
411 |
- for e ; do [[ $thisp == $e ]] && continue 2 ; done |
412 |
- newpath+=:$thisp |
413 |
- done |
414 |
- ROOTPATH=${newpath#:} |
415 |
- } |
416 |
- rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*' |
417 |
- |
418 |
- einfo "... done" |
419 |
-} |
420 |
- |
421 |
-src_configure() { |
422 |
- local ROOTPATH |
423 |
- set_rootpath |
424 |
- |
425 |
- # audit: somebody got to explain me how I can test this before I |
426 |
- # enable it.. - Diego |
427 |
- # plugindir: autoconf code is crappy and does not delay evaluation |
428 |
- # until `make` time, so we have to use a full path here rather than |
429 |
- # basing off other values. |
430 |
- myeconfargs=( |
431 |
- --enable-zlib=system |
432 |
- --with-editor="${EPREFIX}"/usr/libexec/editor |
433 |
- --with-env-editor |
434 |
- --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo |
435 |
- --with-rundir="${EPREFIX}"/var/run/sudo |
436 |
- --with-secure-path="${ROOTPATH}" |
437 |
- --with-vardir="${EPREFIX}"/var/db/sudo |
438 |
- --without-linux-audit |
439 |
- --without-opie |
440 |
- $(use_enable gcrypt) |
441 |
- $(use_enable nls) |
442 |
- $(use_enable openssl) |
443 |
- $(use_enable sasl) |
444 |
- $(use_with offensive insults) |
445 |
- $(use_with offensive all-insults) |
446 |
- $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) |
447 |
- $(use_with ldap) |
448 |
- $(use_with pam) |
449 |
- $(use_with skey) |
450 |
- $(use_with selinux) |
451 |
- $(use_with sendmail) |
452 |
- ) |
453 |
- econf "${myeconfargs[@]}" |
454 |
-} |
455 |
- |
456 |
-src_install() { |
457 |
- default |
458 |
- |
459 |
- if use ldap ; then |
460 |
- dodoc README.LDAP |
461 |
- |
462 |
- cat <<-EOF > "${T}"/ldap.conf.sudo |
463 |
- # See ldap.conf(5) and README.LDAP for details |
464 |
- # This file should only be readable by root |
465 |
- |
466 |
- # supported directives: host, port, ssl, ldap_version |
467 |
- # uri, binddn, bindpw, sudoers_base, sudoers_debug |
468 |
- # tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key} |
469 |
- EOF |
470 |
- |
471 |
- insinto /etc |
472 |
- doins "${T}"/ldap.conf.sudo |
473 |
- fperms 0440 /etc/ldap.conf.sudo |
474 |
- |
475 |
- insinto /etc/openldap/schema |
476 |
- newins doc/schema.OpenLDAP sudo.schema |
477 |
- fi |
478 |
- |
479 |
- pamd_mimic system-auth sudo auth account session |
480 |
- |
481 |
- keepdir /var/db/sudo/lectured |
482 |
- fperms 0700 /var/db/sudo/lectured |
483 |
- fperms 0711 /var/db/sudo #652958 |
484 |
- |
485 |
- # Don't install into /var/run as that is a tmpfs most of the time |
486 |
- # (bug #504854) |
487 |
- rm -rf "${ED}"/var/run |
488 |
-} |
489 |
- |
490 |
-pkg_postinst() { |
491 |
- #652958 |
492 |
- local sudo_db="${EROOT}/var/db/sudo" |
493 |
- if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then |
494 |
- chmod 711 "${sudo_db}" || die |
495 |
- fi |
496 |
- |
497 |
- if use ldap ; then |
498 |
- ewarn |
499 |
- ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration." |
500 |
- ewarn |
501 |
- if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then |
502 |
- ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly" |
503 |
- ewarn "configured in /etc/nsswitch.conf." |
504 |
- ewarn |
505 |
- ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:" |
506 |
- ewarn " sudoers: ldap files" |
507 |
- ewarn |
508 |
- fi |
509 |
- fi |
510 |
- if use prefix ; then |
511 |
- ewarn |
512 |
- ewarn "To use sudo, you need to change file ownership and permissions" |
513 |
- ewarn "with root privileges, as follows:" |
514 |
- ewarn |
515 |
- ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo" |
516 |
- ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so" |
517 |
- ewarn " # chown root:root ${EPREFIX}/etc/sudoers" |
518 |
- ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d" |
519 |
- ewarn " # chown root:root ${EPREFIX}/var/db/sudo" |
520 |
- ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo" |
521 |
- ewarn |
522 |
- fi |
523 |
- |
524 |
- elog "To use the -A (askpass) option, you need to install a compatible" |
525 |
- elog "password program from the following list. Starred packages will" |
526 |
- elog "automatically register for the use with sudo (but will not force" |
527 |
- elog "the -A option):" |
528 |
- elog "" |
529 |
- elog " [*] net-misc/ssh-askpass-fullscreen" |
530 |
- elog " net-misc/x11-ssh-askpass" |
531 |
- elog "" |
532 |
- elog "You can override the choice by setting the SUDO_ASKPASS environmnent" |
533 |
- elog "variable to the program you want to use." |
534 |
-} |
535 |
|
536 |
diff --git a/app-admin/sudo/sudo-1.8.25_p1-r1.ebuild b/app-admin/sudo/sudo-1.8.25_p1-r1.ebuild |
537 |
deleted file mode 100644 |
538 |
index e6bab13..0000000 |
539 |
--- a/app-admin/sudo/sudo-1.8.25_p1-r1.ebuild |
540 |
+++ /dev/null |
541 |
@@ -1,245 +0,0 @@ |
542 |
-# Copyright 1999-2018 Gentoo Authors |
543 |
-# Distributed under the terms of the GNU General Public License v2 |
544 |
- |
545 |
-EAPI=6 |
546 |
- |
547 |
-inherit eutils pam multilib libtool tmpfiles |
548 |
-if [[ ${PV} == "9999" ]] ; then |
549 |
- EHG_REPO_URI="https://www.sudo.ws/repos/sudo" |
550 |
- inherit mercurial |
551 |
-fi |
552 |
- |
553 |
-MY_P=${P/_/} |
554 |
-MY_P=${MY_P/beta/b} |
555 |
- |
556 |
-uri_prefix= |
557 |
-case ${P} in |
558 |
- *_beta*|*_rc*) uri_prefix=beta/ ;; |
559 |
-esac |
560 |
- |
561 |
-DESCRIPTION="Allows users or groups to run commands as other users" |
562 |
-HOMEPAGE="https://www.sudo.ws/" |
563 |
-if [[ ${PV} != "9999" ]] ; then |
564 |
- SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz |
565 |
- ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz" |
566 |
- if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then |
567 |
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~sparc-solaris" |
568 |
- fi |
569 |
-fi |
570 |
- |
571 |
-# Basic license is ISC-style as-is, some files are released under |
572 |
-# 3-clause BSD license |
573 |
-LICENSE="ISC BSD" |
574 |
-SLOT="0" |
575 |
-IUSE="gcrypt ldap libressl nls offensive openssl pam sasl selinux +sendmail skey sssd" |
576 |
- |
577 |
-CDEPEND=" |
578 |
- sys-libs/zlib:= |
579 |
- gcrypt? ( dev-libs/libgcrypt:= ) |
580 |
- ldap? ( |
581 |
- >=net-nds/openldap-2.1.30-r1 |
582 |
- dev-libs/cyrus-sasl |
583 |
- ) |
584 |
- openssl? ( |
585 |
- !libressl? ( dev-libs/openssl:0= ) |
586 |
- libressl? ( dev-libs/libressl:0= ) |
587 |
- ) |
588 |
- pam? ( virtual/pam ) |
589 |
- sasl? ( dev-libs/cyrus-sasl ) |
590 |
- skey? ( >=sys-auth/skey-1.1.5-r1 ) |
591 |
- sssd? ( sys-auth/sssd[sudo] ) |
592 |
-" |
593 |
-RDEPEND=" |
594 |
- ${CDEPEND} |
595 |
- >=app-misc/editor-wrapper-3 |
596 |
- virtual/editor |
597 |
- ldap? ( dev-lang/perl ) |
598 |
- pam? ( sys-auth/pambase ) |
599 |
- selinux? ( sec-policy/selinux-sudo ) |
600 |
- sendmail? ( virtual/mta ) |
601 |
-" |
602 |
-DEPEND=" |
603 |
- ${CDEPEND} |
604 |
- sys-devel/bison |
605 |
-" |
606 |
- |
607 |
-S="${WORKDIR}/${MY_P}" |
608 |
- |
609 |
-REQUIRED_USE=" |
610 |
- pam? ( !skey ) |
611 |
- skey? ( !pam ) |
612 |
- ?? ( gcrypt openssl ) |
613 |
-" |
614 |
- |
615 |
-MAKEOPTS+=" SAMPLES=" |
616 |
- |
617 |
-src_prepare() { |
618 |
- default |
619 |
- elibtoolize |
620 |
-} |
621 |
- |
622 |
-set_secure_path() { |
623 |
- # FIXME: secure_path is a compile time setting. using PATH or |
624 |
- # ROOTPATH is not perfect, env-update may invalidate this, but until it |
625 |
- # is available as a sudoers setting this will have to do. |
626 |
- einfo "Setting secure_path ..." |
627 |
- |
628 |
- # first extract the default ROOTPATH from build env |
629 |
- SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; |
630 |
- echo "${ROOTPATH}") |
631 |
- case "${SECURE_PATH}" in |
632 |
- */usr/sbin*) ;; |
633 |
- *) SECURE_PATH=$(unset PATH; |
634 |
- . "${EPREFIX}"/etc/profile.env; echo "${PATH}") |
635 |
- ;; |
636 |
- esac |
637 |
- if [[ -z ${SECURE_PATH} ]] ; then |
638 |
- ewarn " Failed to detect SECURE_PATH, please report this" |
639 |
- fi |
640 |
- |
641 |
- # then remove duplicate path entries |
642 |
- cleanpath() { |
643 |
- local newpath thisp IFS=: |
644 |
- for thisp in $1 ; do |
645 |
- if [[ :${newpath}: != *:${thisp}:* ]] ; then |
646 |
- newpath+=:$thisp |
647 |
- else |
648 |
- einfo " Duplicate entry ${thisp} removed..." |
649 |
- fi |
650 |
- done |
651 |
- SECURE_PATH=${newpath#:} |
652 |
- } |
653 |
- cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}} |
654 |
- |
655 |
- # finally, strip gcc paths #136027 |
656 |
- rmpath() { |
657 |
- local e newpath thisp IFS=: |
658 |
- for thisp in ${SECURE_PATH} ; do |
659 |
- for e ; do [[ $thisp == $e ]] && continue 2 ; done |
660 |
- newpath+=:$thisp |
661 |
- done |
662 |
- SECURE_PATH=${newpath#:} |
663 |
- } |
664 |
- rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*' |
665 |
- |
666 |
- einfo "... done" |
667 |
-} |
668 |
- |
669 |
-src_configure() { |
670 |
- local SECURE_PATH |
671 |
- set_secure_path |
672 |
- |
673 |
- # audit: somebody got to explain me how I can test this before I |
674 |
- # enable it.. - Diego |
675 |
- # plugindir: autoconf code is crappy and does not delay evaluation |
676 |
- # until `make` time, so we have to use a full path here rather than |
677 |
- # basing off other values. |
678 |
- myeconfargs=( |
679 |
- --enable-zlib=system |
680 |
- --enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d |
681 |
- --with-editor="${EPREFIX}"/usr/libexec/editor |
682 |
- --with-env-editor |
683 |
- --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo |
684 |
- --with-rundir="${EPREFIX}"/run/sudo |
685 |
- --with-secure-path="${SECURE_PATH}" |
686 |
- --with-vardir="${EPREFIX}"/var/db/sudo |
687 |
- --without-linux-audit |
688 |
- --without-opie |
689 |
- $(use_enable gcrypt) |
690 |
- $(use_enable nls) |
691 |
- $(use_enable openssl) |
692 |
- $(use_enable sasl) |
693 |
- $(use_with offensive insults) |
694 |
- $(use_with offensive all-insults) |
695 |
- $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) |
696 |
- $(use_with ldap) |
697 |
- $(use_with pam) |
698 |
- $(use_with skey) |
699 |
- $(use_with sssd) |
700 |
- $(use_with selinux) |
701 |
- $(use_with sendmail) |
702 |
- ) |
703 |
- econf "${myeconfargs[@]}" |
704 |
-} |
705 |
- |
706 |
-src_install() { |
707 |
- default |
708 |
- |
709 |
- if use ldap ; then |
710 |
- dodoc README.LDAP |
711 |
- |
712 |
- cat <<-EOF > "${T}"/ldap.conf.sudo |
713 |
- # See ldap.conf(5) and README.LDAP for details |
714 |
- # This file should only be readable by root |
715 |
- |
716 |
- # supported directives: host, port, ssl, ldap_version |
717 |
- # uri, binddn, bindpw, sudoers_base, sudoers_debug |
718 |
- # tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key} |
719 |
- EOF |
720 |
- |
721 |
- insinto /etc |
722 |
- doins "${T}"/ldap.conf.sudo |
723 |
- fperms 0440 /etc/ldap.conf.sudo |
724 |
- |
725 |
- insinto /etc/openldap/schema |
726 |
- newins doc/schema.OpenLDAP sudo.schema |
727 |
- fi |
728 |
- |
729 |
- pamd_mimic system-auth sudo auth account session |
730 |
- |
731 |
- keepdir /var/db/sudo/lectured |
732 |
- fperms 0700 /var/db/sudo/lectured |
733 |
- fperms 0711 /var/db/sudo #652958 |
734 |
- |
735 |
- # Don't install into /run as that is a tmpfs most of the time |
736 |
- # (bug #504854) |
737 |
- rm -rf "${ED%/}"/run |
738 |
-} |
739 |
- |
740 |
-pkg_postinst() { |
741 |
- tmpfiles_process sudo.conf |
742 |
- |
743 |
- #652958 |
744 |
- local sudo_db="${EROOT}/var/db/sudo" |
745 |
- if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then |
746 |
- chmod 711 "${sudo_db}" || die |
747 |
- fi |
748 |
- |
749 |
- if use ldap ; then |
750 |
- ewarn |
751 |
- ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration." |
752 |
- ewarn |
753 |
- if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then |
754 |
- ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly" |
755 |
- ewarn "configured in /etc/nsswitch.conf." |
756 |
- ewarn |
757 |
- ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:" |
758 |
- ewarn " sudoers: ldap files" |
759 |
- ewarn |
760 |
- fi |
761 |
- fi |
762 |
- if use prefix ; then |
763 |
- ewarn |
764 |
- ewarn "To use sudo, you need to change file ownership and permissions" |
765 |
- ewarn "with root privileges, as follows:" |
766 |
- ewarn |
767 |
- ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo" |
768 |
- ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so" |
769 |
- ewarn " # chown root:root ${EPREFIX}/etc/sudoers" |
770 |
- ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d" |
771 |
- ewarn " # chown root:root ${EPREFIX}/var/db/sudo" |
772 |
- ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo" |
773 |
- ewarn |
774 |
- fi |
775 |
- |
776 |
- elog "To use the -A (askpass) option, you need to install a compatible" |
777 |
- elog "password program from the following list. Starred packages will" |
778 |
- elog "automatically register for the use with sudo (but will not force" |
779 |
- elog "the -A option):" |
780 |
- elog "" |
781 |
- elog " [*] net-misc/ssh-askpass-fullscreen" |
782 |
- elog " net-misc/x11-ssh-askpass" |
783 |
- elog "" |
784 |
- elog "You can override the choice by setting the SUDO_ASKPASS environmnent" |
785 |
- elog "variable to the program you want to use." |
786 |
-} |