
From: Mikle Kolyada <zlogene@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-admin/sudo/
Date: Fri, 05 Oct 2018 21:39:03
Message-Id: 1538775449.45151dcfac954a3de23e9980fb29b43a69244ad7.zlogene@gentoo
1 commit: 45151dcfac954a3de23e9980fb29b43a69244ad7
2 Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
3 AuthorDate: Fri Oct 5 21:37:29 2018 +0000
4 Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
5 CommitDate: Fri Oct 5 21:37:29 2018 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=45151dcf
7
8 app-admin/sudo: Add sys-auth/sssd support
9
10 Closes: https://bugs.gentoo.org/525674
11 Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
12 Package-Manager: Portage-2.3.49, Repoman-2.3.11
13
14 app-admin/sudo/metadata.xml | 1 +
15 app-admin/sudo/sudo-1.8.25_p1-r1.ebuild | 242 ++++++++++++++++++++++++++++++++
16 2 files changed, 243 insertions(+)
17
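--- a/app-admin/sudo/metadata.xml
+++ b/app-admin/sudo/metadata.xml
@@ -16,6 +16,7 @@
 <flag name="offensive">Let sudo print insults when the user types the wrong password</flag>
 <flag name="openssl">Use SHA2 from <pkg>dev-libs/openssl</pkg> instead of sudo's internal SHA2</flag>
 <flag name="sendmail">Allow sudo to send emails with sendmail</flag>
+ <flag name="sssd">Add System Security Services Daemon support</flag>
 </use>
 <upstream>
 <remote-id type="cpe">cpe:/a:todd_miller:sudo</remote-id>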
30
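--- /dev/null
+++ b/app-admin/sudo/sudo-1.8.25_p1-r1.ebuild
@@ -0,0 +1,242 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit eutils pam multilib libtool tmpfiles
+if [[ ${PV} == "9999" ]] ; then
+ EHG_REPO_URI="https://www.sudo.ws/repos/sudo"
+ inherit mercurial
+fi
+
+MY_P=${P/_/}
+MY_P=${MY_P/beta/b}
+
+uri_prefix=
+case ${P} in
+ *_beta*|*_rc*) uri_prefix=beta/ ;;
+esac
+
+DESCRIPTION="Allows users or groups to run commands as other users"
+HOMEPAGE="https://www.sudo.ws/"
+if [[ ${PV} != "9999" ]] ; then
+ SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
+ ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"
+ if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~sparc-solaris"
+ fi
+fi
+
+# Basic license is ISC-style as-is, some files are released under
+# 3-clause BSD license
+LICENSE="ISC BSD"
+SLOT="0"
+IUSE="gcrypt ldap nls offensive openssl pam sasl selinux +sendmail skey sssd"
+
+CDEPEND="
+ sys-libs/zlib:=
+ gcrypt? ( dev-libs/libgcrypt:= )
+ ldap? (
+ >=net-nds/openldap-2.1.30-r1
+ dev-libs/cyrus-sasl
+ )
+ openssl? ( dev-libs/openssl:0= )
+ pam? ( virtual/pam )
+ sasl? ( dev-libs/cyrus-sasl )
+ skey? ( >=sys-auth/skey-1.1.5-r1 )
+ sssd? ( sys-auth/sssd[sudo] )
+"
+RDEPEND="
+ ${CDEPEND}
+ >=app-misc/editor-wrapper-3
+ virtual/editor
+ ldap? ( dev-lang/perl )
+ pam? ( sys-auth/pambase )
+ selinux? ( sec-policy/selinux-sudo )
+ sendmail? ( virtual/mta )
+"
+DEPEND="
+ ${CDEPEND}
+ sys-devel/bison
+"
+
+S="${WORKDIR}/${MY_P}"
+
+REQUIRED_USE="
+ pam? ( !skey )
+ skey? ( !pam )
+ ?? ( gcrypt openssl )
+"
+
+MAKEOPTS+=" SAMPLES="
+
+src_prepare() {
+ default
+ elibtoolize
+}
+
+set_secure_path() {
+ # FIXME: secure_path is a compile time setting. using PATH or
+ # ROOTPATH is not perfect, env-update may invalidate this, but until it
+ # is available as a sudoers setting this will have to do.
+ einfo "Setting secure_path ..."
+
+ # first extract the default ROOTPATH from build env
+ SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env;
+ echo "${ROOTPATH}")
+ case "${SECURE_PATH}" in
+ */usr/sbin*) ;;
+ *) SECURE_PATH=$(unset PATH;
+ . "${EPREFIX}"/etc/profile.env; echo "${PATH}")
+ ;;
+ esac
+ if [[ -z ${SECURE_PATH} ]] ; then
+ ewarn " Failed to detect SECURE_PATH, please report this"
+ fi
+
+ # then remove duplicate path entries
+ cleanpath() {
+ local newpath thisp IFS=:
+ for thisp in $1 ; do
+ if [[ :${newpath}: != *:${thisp}:* ]] ; then
+ newpath+=:$thisp
+ else
+ einfo " Duplicate entry ${thisp} removed..."
+ fi
+ done
+ SECURE_PATH=${newpath#:}
+ }
+ cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}}
+
+ # finally, strip gcc paths #136027
+ rmpath() {
+ local e newpath thisp IFS=:
+ for thisp in ${SECURE_PATH} ; do
+ for e ; do [[ $thisp == $e ]] && continue 2 ; done
+ newpath+=:$thisp
+ done
+ SECURE_PATH=${newpath#:}
+ }
+ rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'
+
+ einfo "... done"
+}
+
+src_configure() {
+ local SECURE_PATH
+ set_secure_path
+
+ # audit: somebody got to explain me how I can test this before I
+ # enable it.. - Diego
+ # plugindir: autoconf code is crappy and does not delay evaluation
+ # until `make` time, so we have to use a full path here rather than
+ # basing off other values.
+ myeconfargs=(
+ --enable-zlib=system
+ --enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d
+ --with-editor="${EPREFIX}"/usr/libexec/editor
+ --with-env-editor
+ --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo
+ --with-rundir="${EPREFIX}"/run/sudo
+ --with-secure-path="${SECURE_PATH}"
+ --with-vardir="${EPREFIX}"/var/db/sudo
+ --without-linux-audit
+ --without-opie
+ $(use_enable gcrypt)
+ $(use_enable nls)
+ $(use_enable openssl)
+ $(use_enable sasl)
+ $(use_with offensive insults)
+ $(use_with offensive all-insults)
+ $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo)
+ $(use_with ldap)
+ $(use_with pam)
+ $(use_with skey)
+ $(use_with sssd)
+ $(use_with selinux)
+ $(use_with sendmail)
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+
+ if use ldap ; then
+ dodoc README.LDAP
+
+ cat <<-EOF > "${T}"/ldap.conf.sudo
+ # See ldap.conf(5) and README.LDAP for details
+ # This file should only be readable by root
+
+ # supported directives: host, port, ssl, ldap_version
+ # uri, binddn, bindpw, sudoers_base, sudoers_debug
+ # tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}
+ EOF
+
+ insinto /etc
+ doins "${T}"/ldap.conf.sudo
+ fperms 0440 /etc/ldap.conf.sudo
+
+ insinto /etc/openldap/schema
+ newins doc/schema.OpenLDAP sudo.schema
+ fi
+
+ pamd_mimic system-auth sudo auth account session
+
+ keepdir /var/db/sudo/lectured
+ fperms 0700 /var/db/sudo/lectured
+ fperms 0711 /var/db/sudo #652958
+
+ # Don't install into /run as that is a tmpfs most of the time
+ # (bug #504854)
+ rm -rf "${ED%/}"/run
+}
+
+pkg_postinst() {
+ tmpfiles_process sudo.conf
+
+ #652958
+ local sudo_db="${EROOT}/var/db/sudo"
+ if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then
+ chmod 711 "${sudo_db}" || die
+ fi
+
+ if use ldap ; then
+ ewarn
+ ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."
+ ewarn
+ if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then
+ ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
+ ewarn "configured in /etc/nsswitch.conf."
+ ewarn
+ ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:"
+ ewarn " sudoers: ldap files"
+ ewarn
+ fi
+ fi
+ if use prefix ; then
+ ewarn
+ ewarn "To use sudo, you need to change file ownership and permissions"
+ ewarn "with root privileges, as follows:"
+ ewarn
+ ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo"
+ ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"
+ ewarn " # chown root:root ${EPREFIX}/etc/sudoers"
+ ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d"
+ ewarn " # chown root:root ${EPREFIX}/var/db/sudo"
+ ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo"
+ ewarn
+ fi
+
+ elog "To use the -A (askpass) option, you need to install a compatible"
+ elog "password program from the following list. Starred packages will"
+ elog "automatically register for the use with sudo (but will not force"
+ elog "the -A option):"
+ elog ""
+ elog " [*] net-misc/ssh-askpass-fullscreen"
+ elog " net-misc/x11-ssh-askpass"
+ elog ""
+ elog "You can override the choice by setting the SUDO_ASKPASS environmnent"
+ elog "variable to the program you want to use."
+}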