app-admin/sudo: Bump to version 1.8.25_p1
Package-Manager: Portage-2.3.49, Repoman-2.3.10
Lars Wendler
committed
Sep 13, 2018
1 parent
9b41633
commit d44d599
Showing
2 changed files
with
241 additions
and
0 deletions.
@@ -1,3 +1,4 @@ | ||
DIST sudo-1.8.23.tar.gz 3150674 BLAKE2B 11b1c7bfa372005cda8baf651c4662f6fd15e94ca77f7705b23ca6573424796d5c1f8e47e2874c4b54017141d01a632885ac60c92346d932537048373cad0ede SHA512 a9d61850a4857bfd075547a13efb13b054e4736e3ebe3c8a98a90a090b1d9b9688354ec9725fc99d1d256999b6f9c6ae6215ce9770fcdebd7f24731107b48342 | ||
DIST sudo-1.8.24.tar.gz 3175719 BLAKE2B 61fc469e2d8146b8bb59709192dc33828f0065d4dcf9625e72ae1da9a2c1d6925a0201e5999e146e2e15f5a103ad5690a88fcabb75f57e76b779fe07de53b459 SHA512 ec6295a456a300e81ea2356080d51a57e3eb5d8070d8aab228cece0100ef54954f6c3dd458316b0c2da6839c0d8dab7cdc1a360aceb2594641e064465ecb1ee8 | ||
DIST sudo-1.8.25.tar.gz 3189660 BLAKE2B 9eeab3ac4ea67a866071750a8cf19e0753ef1b59187f715c69547bbae8ee0039bf15116ef30ed5dc6fc11b17beeff174e08756b2d701e0f2668a05f2e318f623 SHA512 f3f0c9e315484e5ba2d535f41ab722881343b1fa299f75cfad456bd41a555d80080369677e62626307df792aeabc29ba450e6f0b9c284ea2cfb8dc5e3568f46d | ||
DIST sudo-1.8.25p1.tar.gz 3189951 BLAKE2B ebfedaad62e60f625db8c46a5c8f19977a5ec0a86bab3b34d91096c08e8b8ece056ba312f9fecd4cdd704fc17d49a36681b41cd40269df7c67cd66d80c0d8efb SHA512 b1445be688d3c1dd7efbdfab68977a7a9b6fd6887191dc99ca717117eec0a550492642556cd55ca5873d054ddc5ccc2b87b2c34602e1ffc729ab6fbc4e523a72 |
@@ -0,0 +1,240 @@ | ||
# Copyright 1999-2018 Gentoo Foundation | ||
# Distributed under the terms of the GNU General Public License v2 | ||
|
||
EAPI=6 | ||
|
||
inherit eutils pam multilib libtool tmpfiles | ||
if [[ ${PV} == "9999" ]] ; then | ||
EHG_REPO_URI="https://www.sudo.ws/repos/sudo" | ||
inherit mercurial | ||
fi | ||
|
||
MY_P=${P/_/} | ||
MY_P=${MY_P/beta/b} | ||
|
||
uri_prefix= | ||
case ${P} in | ||
*_beta*|*_rc*) uri_prefix=beta/ ;; | ||
esac | ||
|
||
DESCRIPTION="Allows users or groups to run commands as other users" | ||
HOMEPAGE="https://www.sudo.ws/" | ||
if [[ ${PV} != "9999" ]] ; then | ||
SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz | ||
ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz" | ||
if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then | ||
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~sparc-solaris" | ||
fi | ||
fi | ||
|
||
# Basic license is ISC-style as-is, some files are released under | ||
# 3-clause BSD license | ||
LICENSE="ISC BSD" | ||
SLOT="0" | ||
IUSE="gcrypt ldap nls offensive openssl pam sasl selinux +sendmail skey" | ||
|
||
CDEPEND=" | ||
sys-libs/zlib:= | ||
gcrypt? ( dev-libs/libgcrypt:= ) | ||
ldap? ( | ||
>=net-nds/openldap-2.1.30-r1 | ||
dev-libs/cyrus-sasl | ||
) | ||
openssl? ( dev-libs/openssl:0= ) | ||
pam? ( virtual/pam ) | ||
sasl? ( dev-libs/cyrus-sasl ) | ||
skey? ( >=sys-auth/skey-1.1.5-r1 ) | ||
" | ||
RDEPEND=" | ||
${CDEPEND} | ||
>=app-misc/editor-wrapper-3 | ||
virtual/editor | ||
ldap? ( dev-lang/perl ) | ||
pam? ( sys-auth/pambase ) | ||
selinux? ( sec-policy/selinux-sudo ) | ||
sendmail? ( virtual/mta ) | ||
" | ||
DEPEND=" | ||
${CDEPEND} | ||
sys-devel/bison | ||
" | ||
|
||
S="${WORKDIR}/${MY_P}" | ||
|
||
REQUIRED_USE=" | ||
pam? ( !skey ) | ||
skey? ( !pam ) | ||
?? ( gcrypt openssl ) | ||
" | ||
|
||
MAKEOPTS+=" SAMPLES=" | ||
|
||
src_prepare() { | ||
default | ||
elibtoolize | ||
} | ||
|
||
set_secure_path() { | ||
# FIXME: secure_path is a compile time setting. using PATH or | ||
# ROOTPATH is not perfect, env-update may invalidate this, but until it | ||
# is available as a sudoers setting this will have to do. | ||
einfo "Setting secure_path ..." | ||
|
||
# first extract the default ROOTPATH from build env | ||
SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; | ||
echo "${ROOTPATH}") | ||
case "${SECURE_PATH}" in | ||
*/usr/sbin*) ;; | ||
*) SECURE_PATH=$(unset PATH; | ||
. "${EPREFIX}"/etc/profile.env; echo "${PATH}") | ||
;; | ||
esac | ||
if [[ -z ${SECURE_PATH} ]] ; then | ||
ewarn " Failed to detect SECURE_PATH, please report this" | ||
fi | ||
|
||
# then remove duplicate path entries | ||
cleanpath() { | ||
local newpath thisp IFS=: | ||
for thisp in $1 ; do | ||
if [[ :${newpath}: != *:${thisp}:* ]] ; then | ||
newpath+=:$thisp | ||
else | ||
einfo " Duplicate entry ${thisp} removed..." | ||
fi | ||
done | ||
SECURE_PATH=${newpath#:} | ||
} | ||
cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}} | ||
|
||
# finally, strip gcc paths #136027 | ||
rmpath() { | ||
local e newpath thisp IFS=: | ||
for thisp in ${SECURE_PATH} ; do | ||
for e ; do [[ $thisp == $e ]] && continue 2 ; done | ||
newpath+=:$thisp | ||
done | ||
SECURE_PATH=${newpath#:} | ||
} | ||
rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*' | ||
|
||
einfo "... done" | ||
} | ||
|
||
src_configure() { | ||
local SECURE_PATH | ||
set_secure_path | ||
|
||
# audit: somebody got to explain me how I can test this before I | ||
# enable it.. - Diego | ||
# plugindir: autoconf code is crappy and does not delay evaluation | ||
# until `make` time, so we have to use a full path here rather than | ||
# basing off other values. | ||
myeconfargs=( | ||
--enable-zlib=system | ||
--enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d | ||
--with-editor="${EPREFIX}"/usr/libexec/editor | ||
--with-env-editor | ||
--with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo | ||
--with-rundir="${EPREFIX}"/run/sudo | ||
--with-secure-path="${SECURE_PATH}" | ||
--with-vardir="${EPREFIX}"/var/db/sudo | ||
--without-linux-audit | ||
--without-opie | ||
$(use_enable gcrypt) | ||
$(use_enable nls) | ||
$(use_enable openssl) | ||
$(use_enable sasl) | ||
$(use_with offensive insults) | ||
$(use_with offensive all-insults) | ||
$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) | ||
$(use_with ldap) | ||
$(use_with pam) | ||
$(use_with skey) | ||
$(use_with selinux) | ||
$(use_with sendmail) | ||
) | ||
econf "${myeconfargs[@]}" | ||
} | ||
|
||
src_install() { | ||
default | ||
|
||
if use ldap ; then | ||
dodoc README.LDAP | ||
|
||
cat <<-EOF > "${T}"/ldap.conf.sudo | ||
# See ldap.conf(5) and README.LDAP for details | ||
# This file should only be readable by root | ||
# supported directives: host, port, ssl, ldap_version | ||
# uri, binddn, bindpw, sudoers_base, sudoers_debug | ||
# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key} | ||
EOF | ||
|
||
insinto /etc | ||
doins "${T}"/ldap.conf.sudo | ||
fperms 0440 /etc/ldap.conf.sudo | ||
|
||
insinto /etc/openldap/schema | ||
newins doc/schema.OpenLDAP sudo.schema | ||
fi | ||
|
||
pamd_mimic system-auth sudo auth account session | ||
|
||
keepdir /var/db/sudo/lectured | ||
fperms 0700 /var/db/sudo/lectured | ||
fperms 0711 /var/db/sudo #652958 | ||
|
||
# Don't install into /run as that is a tmpfs most of the time | ||
# (bug #504854) | ||
rm -rf "${ED%/}"/run | ||
} | ||
|
||
pkg_postinst() { | ||
tmpfiles_process sudo.conf | ||
|
||
#652958 | ||
local sudo_db="${EROOT}/var/db/sudo" | ||
if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then | ||
chmod 711 "${sudo_db}" || die | ||
fi | ||
|
||
if use ldap ; then | ||
ewarn | ||
ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration." | ||
ewarn | ||
if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then | ||
ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly" | ||
ewarn "configured in /etc/nsswitch.conf." | ||
ewarn | ||
ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:" | ||
ewarn " sudoers: ldap files" | ||
ewarn | ||
fi | ||
fi | ||
if use prefix ; then | ||
ewarn | ||
ewarn "To use sudo, you need to change file ownership and permissions" | ||
ewarn "with root privileges, as follows:" | ||
ewarn | ||
ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo" | ||
ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so" | ||
ewarn " # chown root:root ${EPREFIX}/etc/sudoers" | ||
ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d" | ||
ewarn " # chown root:root ${EPREFIX}/var/db/sudo" | ||
ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo" | ||
ewarn | ||
fi | ||
|
||
elog "To use the -A (askpass) option, you need to install a compatible" | ||
elog "password program from the following list. Starred packages will" | ||
elog "automatically register for the use with sudo (but will not force" | ||
elog "the -A option):" | ||
elog "" | ||
elog " [*] net-misc/ssh-askpass-fullscreen" | ||
elog " net-misc/x11-ssh-askpass" | ||
elog "" | ||
elog "You can override the choice by setting the SUDO_ASKPASS environmnent" | ||
elog "variable to the program you want to use." | ||
} |
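Review bot: `set_secure_path` bakes whatever `ROOTPATH` or `PATH` it reads from `${EPREFIX}/etc/profile.env` into sudo's compile-time `secure_path`, and neither `cleanpath` nor `rmpath` checks that an entry is absolute, so a relative entry such as `.` on the build host would end up in the search path used for commands run through sudo. A guard at the top of the `cleanpath` loop, `[[ ${thisp} == /* ]] || continue`, would drop such entries while keeping the fixed `/bin:/sbin:...` prefix. Separately, in `pkg_postinst` the `grep -qs '^[[:space:]]*sudoers:'` test prints the "add this line to your /etc/nsswitch.conf" advice only when a `sudoers:` line is already present, which looks inverted; `if ! grep -qs ...` appears to be the intent.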