[gentoo-commits] proj/musl:master commit in: app-admin/sudo/

[gentoo-commits] proj/musl:master commit in: app-admin/sudo/

[Anthony G. Basile]

commit:     79c877e72cba66d6124c721721106c38c8ce87cd
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Fri Jun 16 13:53:28 2017 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri Jun 16 13:53:28 2017 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=79c877e7

app-admin/sudo: needs --disable-hardening on i686 with gcc-5

Package-Manager: Portage-2.3.5, Repoman-2.3.1

 app-admin/sudo/Manifest              |   3 +
 app-admin/sudo/metadata.xml          |  33 ++++++
 app-admin/sudo/sudo-1.8.20_p2.ebuild | 221 +++++++++++++++++++++++++++++++++++
 3 files changed, 257 insertions(+)

diff --git a/app-admin/sudo/Manifest b/app-admin/sudo/Manifest
new file mode 100644
index 0000000..725d646
--- /dev/null
+++ b/app-admin/sudo/Manifest
@@ -0,0 +1,3 @@
+DIST sudo-1.8.20p2.tar.gz 2930769 SHA256 bd42ae1059e935f795c69ea97b3de09fe9410a58a74b5d5e6836eb5067a445d9 SHA512 8bf67e687f7a84605fdef8d547b5cd661141b6c8fd25820c33c7e37e97ca7f21f564c3bae691f8a8cd08df7d80338e36a8f06bb5086cc104509d71d6ab1bceda WHIRLPOOL 4e9b6ddaba8cdb4d82358e01252136af56ae50f656f9802285471c7c1e5c831d26aa07cb78205f63ea6098f98846911938681a89256afe5419372039d0e4e792
+EBUILD sudo-1.8.20_p2.ebuild 5735 SHA256 eafe3cac0db1ccc7782f8ad145986b984f69426658e27ebc1ab1ba9413123ada SHA512 ab689b5560b43afe8cb5b810b3840ae1ab003679f8eadb3caab25a28ee8630637d25b76f3e4119ef544427a585aeda5b6e09b6d7b581db9be320cb52f06f5f47 WHIRLPOOL 7074ca14c96e04d928c159f24e58ada92a7feac46cc2756af3cd3532df119c5da021e951c55c600530b67a0ba86ca753b7bd006460edd636e8d81edf1ea74d3e
+MISC metadata.xml 1035 SHA256 56b9c0d884f41a5c5174a0324a7e3dbab3f6a23794f0feae4c36fb149a3bce3d SHA512 c68b8c6977af60d3606d0b9854298192b35d43f16db7a41c92c7c9f1439f7950f6c6af93c3c9c4f3ff7ea4fda810e0c2375c0625c44150f7c6263ac7d1f9b60c WHIRLPOOL 396f0cebd849d866db3c768d540c7bb3b4132cd92588666e041e94d1165d22f31cc9026c20ba1635a47ec8ba605cfb62cff47a60521fbaf42b019054490b3b2e

diff --git a/app-admin/sudo/metadata.xml b/app-admin/sudo/metadata.xml
new file mode 100644
index 0000000..1625b90
--- /dev/null
+++ b/app-admin/sudo/metadata.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+  <maintainer type="project">
+    <email>base-system@gentoo.org</email>
+    <name>Gentoo Base System</name>
+  </maintainer>
+  <longdescription lang="en">
+    Sudo (superuser do) allows a system administrator to give certain
+    users (or groups of users) the ability to run some (or all)
+    commands as root or another user while logging the commands and
+    arguments.
+  </longdescription>
+  <use>
+	<flag name="gcrypt">
+		Use SHA2 from <pkg>dev-libs/libgcrypt</pkg>
+		instead of sudo's internal SHA2.
+	</flag>
+	<flag name="offensive">
+		Let sudo print insults when the user types the wrong password.
+	</flag>
+	<flag name="openssl">
+		Use SHA2 from <pkg>dev-libs/openssl</pkg>
+		instead of sudo's internal SHA2.
+	</flag>
+	<flag name="sendmail">
+		Allow sudo to send emails with sendmail.
+	</flag>
+  </use>
+  <upstream>
+    <remote-id type="cpe">cpe:/a:todd_miller:sudo</remote-id>
+  </upstream>
+</pkgmetadata>

diff --git a/app-admin/sudo/sudo-1.8.20_p2.ebuild b/app-admin/sudo/sudo-1.8.20_p2.ebuild
new file mode 100644
index 0000000..81266ea
--- /dev/null
+++ b/app-admin/sudo/sudo-1.8.20_p2.ebuild
@@ -0,0 +1,221 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit eutils pam multilib libtool
+
+MY_P=${P/_/}
+MY_P=${MY_P/beta/b}
+
+uri_prefix=
+case ${P} in
+	*_beta*|*_rc*) uri_prefix=beta/ ;;
+esac
+
+DESCRIPTION="Allows users or groups to run commands as other users"
+HOMEPAGE="http://www.sudo.ws/"
+SRC_URI="http://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
+	ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"
+
+# Basic license is ISC-style as-is, some files are released under
+# 3-clause BSD license
+LICENSE="ISC BSD"
+SLOT="0"
+if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then
+	KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86"
+fi
+IUSE="gcrypt ldap nls pam offensive openssl selinux skey +sendmail"
+
+CDEPEND="
+	gcrypt? ( dev-libs/libgcrypt:= )
+	openssl? ( dev-libs/openssl:0= )
+	pam? ( virtual/pam )
+	skey? ( >=sys-auth/skey-1.1.5-r1 )
+	ldap? (
+		>=net-nds/openldap-2.1.30-r1
+		dev-libs/cyrus-sasl
+	)
+	sys-libs/zlib
+"
+RDEPEND="
+	${CDEPEND}
+	selinux? ( sec-policy/selinux-sudo )
+	ldap? ( dev-lang/perl )
+	pam? ( sys-auth/pambase )
+	>=app-misc/editor-wrapper-3
+	virtual/editor
+	sendmail? ( virtual/mta )
+"
+DEPEND="
+	${CDEPEND}
+	sys-devel/bison
+"
+
+S="${WORKDIR}/${MY_P}"
+
+REQUIRED_USE="
+	pam? ( !skey )
+	skey? ( !pam )
+	?? ( gcrypt openssl )
+"
+
+MAKEOPTS+=" SAMPLES="
+
+src_prepare() {
+	default
+	elibtoolize
+}
+
+set_rootpath() {
+	# FIXME: secure_path is a compile time setting. using ROOTPATH
+	# is not perfect, env-update may invalidate this, but until it
+	# is available as a sudoers setting this will have to do.
+	einfo "Setting secure_path ..."
+
+	# first extract the default ROOTPATH from build env
+	ROOTPATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; echo "${ROOTPATH}")
+	if [[ -z ${ROOTPATH} ]] ; then
+		ewarn "	Failed to find ROOTPATH, please report this"
+	fi
+
+	# then remove duplicate path entries
+	cleanpath() {
+		local newpath thisp IFS=:
+		for thisp in $1 ; do
+			if [[ :${newpath}: != *:${thisp}:* ]] ; then
+				newpath+=:$thisp
+			else
+				einfo "   Duplicate entry ${thisp} removed..."
+			fi
+		done
+		ROOTPATH=${newpath#:}
+	}
+	cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}}
+
+	# finally, strip gcc paths #136027
+	rmpath() {
+		local e newpath thisp IFS=:
+		for thisp in ${ROOTPATH} ; do
+			for e ; do [[ $thisp == $e ]] && continue 2 ; done
+			newpath+=:$thisp
+		done
+		ROOTPATH=${newpath#:}
+	}
+	rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'
+
+	einfo "... done"
+}
+
+src_configure() {
+	local ROOTPATH
+	set_rootpath
+
+	# audit: somebody got to explain me how I can test this before I
+	# enable it.. - Diego
+	# plugindir: autoconf code is crappy and does not delay evaluation
+	# until `make` time, so we have to use a full path here rather than
+	# basing off other values.
+	myeconfargs=(
+		--enable-zlib=system
+		--with-editor="${EPREFIX}"/usr/libexec/editor
+		--with-env-editor
+		--with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo
+		--with-rundir="${EPREFIX}"/var/run/sudo
+		--with-secure-path="${ROOTPATH}"
+		--with-vardir="${EPREFIX}"/var/db/sudo
+		--without-linux-audit
+		--without-opie
+		$(use_enable gcrypt)
+		$(use_enable nls)
+		$(use_enable openssl)
+		$(use_with offensive insults)
+		$(use_with offensive all-insults)
+		$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo)
+		$(use_with ldap)
+		$(use_with pam)
+		$(use_with skey)
+		$(use_with selinux)
+		$(use_with sendmail)
+	)
+
+	if [[ $(tc-arch) == x86 ]]; then
+		myeconfargs=( --disable-hardening )
+	fi
+
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	default
+
+	if use ldap ; then
+		dodoc README.LDAP
+		dosbin plugins/sudoers/sudoers2ldif
+
+		cat <<-EOF > "${T}"/ldap.conf.sudo
+		# See ldap.conf(5) and README.LDAP for details
+		# This file should only be readable by root
+
+		# supported directives: host, port, ssl, ldap_version
+		# uri, binddn, bindpw, sudoers_base, sudoers_debug
+		# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}
+		EOF
+
+		insinto /etc
+		doins "${T}"/ldap.conf.sudo
+		fperms 0440 /etc/ldap.conf.sudo
+
+		insinto /etc/openldap/schema
+		newins doc/schema.OpenLDAP sudo.schema
+	fi
+
+	pamd_mimic system-auth sudo auth account session
+
+	keepdir /var/db/sudo
+	fperms 0700 /var/db/sudo
+
+	# Don't install into /var/run as that is a tmpfs most of the time
+	# (bug #504854)
+	rm -rf "${D}"/var/run
+}
+
+pkg_postinst() {
+	if use ldap ; then
+		ewarn
+		ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."
+		ewarn
+		if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then
+			ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
+			ewarn "configured in /etc/nsswitch.conf."
+			ewarn
+			ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:"
+			ewarn "  sudoers: ldap files"
+			ewarn
+		fi
+	fi
+	if use prefix ; then
+		ewarn
+		ewarn "To use sudo, you need to change file ownership and permissions"
+		ewarn "with root privileges, as follows:"
+		ewarn
+		ewarn "  # chown root:root ${EPREFIX}/usr/bin/sudo"
+		ewarn "  # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"
+		ewarn "  # chown root:root ${EPREFIX}/etc/sudoers"
+		ewarn "  # chown root:root ${EPREFIX}/etc/sudoers.d"
+		ewarn "  # chown root:root ${EPREFIX}/var/db/sudo"
+		ewarn "  # chmod 4111 ${EPREFIX}/usr/bin/sudo"
+		ewarn
+	fi
+
+	elog "To use the -A (askpass) option, you need to install a compatible"
+	elog "password program from the following list. Starred packages will"
+	elog "automatically register for the use with sudo (but will not force"
+	elog "the -A option):"
+	elog ""
+	elog " [*] net-misc/ssh-askpass-fullscreen"
+	elog "     net-misc/x11-ssh-askpass"
+	elog ""
+	elog "You can override the choice by setting the SUDO_ASKPASS environmnent"
+	elog "variable to the program you want to use."
+}

[gentoo-commits] proj/musl:master commit in: app-admin/sudo/

[Anthony G. Basile]

commit:     5e2db6dfad97c57de639c135c6f91da6b96ec7b8
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Fri Jun 16 13:54:29 2017 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri Jun 16 13:54:29 2017 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=5e2db6df

app-admin/sudo: mark 1.8.20_p2 stable on all musl arches

Package-Manager: Portage-2.3.5, Repoman-2.3.1

 app-admin/sudo/Manifest              | 2 +-
 app-admin/sudo/sudo-1.8.20_p2.ebuild | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app-admin/sudo/Manifest b/app-admin/sudo/Manifest
index 725d646..4ec8590 100644
--- a/app-admin/sudo/Manifest
+++ b/app-admin/sudo/Manifest
@@ -1,3 +1,3 @@
 DIST sudo-1.8.20p2.tar.gz 2930769 SHA256 bd42ae1059e935f795c69ea97b3de09fe9410a58a74b5d5e6836eb5067a445d9 SHA512 8bf67e687f7a84605fdef8d547b5cd661141b6c8fd25820c33c7e37e97ca7f21f564c3bae691f8a8cd08df7d80338e36a8f06bb5086cc104509d71d6ab1bceda WHIRLPOOL 4e9b6ddaba8cdb4d82358e01252136af56ae50f656f9802285471c7c1e5c831d26aa07cb78205f63ea6098f98846911938681a89256afe5419372039d0e4e792
-EBUILD sudo-1.8.20_p2.ebuild 5735 SHA256 eafe3cac0db1ccc7782f8ad145986b984f69426658e27ebc1ab1ba9413123ada SHA512 ab689b5560b43afe8cb5b810b3840ae1ab003679f8eadb3caab25a28ee8630637d25b76f3e4119ef544427a585aeda5b6e09b6d7b581db9be320cb52f06f5f47 WHIRLPOOL 7074ca14c96e04d928c159f24e58ada92a7feac46cc2756af3cd3532df119c5da021e951c55c600530b67a0ba86ca753b7bd006460edd636e8d81edf1ea74d3e
+EBUILD sudo-1.8.20_p2.ebuild 5731 SHA256 47ffe81b9a9709720f0be1a247cca4f0e7f0ff98b63941213df509483b387440 SHA512 f03888a9aa22aad97b015f0dc2956caf52ba99c0bdd721faca5e0b4ddbd797792f78ef45f3a319edaca075e6bf9c1b388c681e69d0f9767585f2e9655c001add WHIRLPOOL b05f5eaf36206ee4ac1e64248cda3ba2044d053ce4fa763a4cba3aeaaf025faeb171a2f3195ffefd486a4a4de9e146636ddda6a5cc6a213fdbdbae5d8c586df5
 MISC metadata.xml 1035 SHA256 56b9c0d884f41a5c5174a0324a7e3dbab3f6a23794f0feae4c36fb149a3bce3d SHA512 c68b8c6977af60d3606d0b9854298192b35d43f16db7a41c92c7c9f1439f7950f6c6af93c3c9c4f3ff7ea4fda810e0c2375c0625c44150f7c6263ac7d1f9b60c WHIRLPOOL 396f0cebd849d866db3c768d540c7bb3b4132cd92588666e041e94d1165d22f31cc9026c20ba1635a47ec8ba605cfb62cff47a60521fbaf42b019054490b3b2e

diff --git a/app-admin/sudo/sudo-1.8.20_p2.ebuild b/app-admin/sudo/sudo-1.8.20_p2.ebuild
index 81266ea..678d138 100644
--- a/app-admin/sudo/sudo-1.8.20_p2.ebuild
+++ b/app-admin/sudo/sudo-1.8.20_p2.ebuild
@@ -23,7 +23,7 @@ SRC_URI="http://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
 LICENSE="ISC BSD"
 SLOT="0"
 if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then
-	KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86"
+	KEYWORDS="amd64 arm ~mips ppc x86"
 fi
 IUSE="gcrypt ldap nls pam offensive openssl selinux skey +sendmail"
 

[gentoo-commits] proj/musl:master commit in: app-admin/sudo/

[Anthony G. Basile]

commit:     c37e5e60d39306a5c3fcd81069073c872850f0ad
Author:     stefson <herrtimson <AT> yahoo <DOT> de>
AuthorDate: Mon Sep  4 09:02:04 2017 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Sep  5 13:39:29 2017 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=c37e5e60

app-admin/sudo: drop all keywords but x86

Signed-off-by: Anthony G. Basile <blueness <AT> gentoo.org>

 app-admin/sudo/Manifest              | 2 +-
 app-admin/sudo/sudo-1.8.20_p2.ebuild | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app-admin/sudo/Manifest b/app-admin/sudo/Manifest
index 4ec8590..a4082ca 100644
--- a/app-admin/sudo/Manifest
+++ b/app-admin/sudo/Manifest
@@ -1,3 +1,3 @@
 DIST sudo-1.8.20p2.tar.gz 2930769 SHA256 bd42ae1059e935f795c69ea97b3de09fe9410a58a74b5d5e6836eb5067a445d9 SHA512 8bf67e687f7a84605fdef8d547b5cd661141b6c8fd25820c33c7e37e97ca7f21f564c3bae691f8a8cd08df7d80338e36a8f06bb5086cc104509d71d6ab1bceda WHIRLPOOL 4e9b6ddaba8cdb4d82358e01252136af56ae50f656f9802285471c7c1e5c831d26aa07cb78205f63ea6098f98846911938681a89256afe5419372039d0e4e792
-EBUILD sudo-1.8.20_p2.ebuild 5731 SHA256 47ffe81b9a9709720f0be1a247cca4f0e7f0ff98b63941213df509483b387440 SHA512 f03888a9aa22aad97b015f0dc2956caf52ba99c0bdd721faca5e0b4ddbd797792f78ef45f3a319edaca075e6bf9c1b388c681e69d0f9767585f2e9655c001add WHIRLPOOL b05f5eaf36206ee4ac1e64248cda3ba2044d053ce4fa763a4cba3aeaaf025faeb171a2f3195ffefd486a4a4de9e146636ddda6a5cc6a213fdbdbae5d8c586df5
+EBUILD sudo-1.8.20_p2.ebuild 5711 SHA256 8376501f06b4f1e893496887791ff243c13ea37b3bb3a7d07f4227f6990219d4 SHA512 dd2088e4505a1018f78bb8fef54b8315a410d83b68b337e59a61fad0b2b724c3c3331bff4008cdc90bff49722c0f5bd3169fad86c3efdef14bb82d1094eae430 WHIRLPOOL f9bce92784a2a70074164598d8539720eb63371ffb1dd9673c2ff4a895727d8258822590ec82609b7eec2c3dc934b0391252d757e992b351cd67cda6c775fdee
 MISC metadata.xml 1035 SHA256 56b9c0d884f41a5c5174a0324a7e3dbab3f6a23794f0feae4c36fb149a3bce3d SHA512 c68b8c6977af60d3606d0b9854298192b35d43f16db7a41c92c7c9f1439f7950f6c6af93c3c9c4f3ff7ea4fda810e0c2375c0625c44150f7c6263ac7d1f9b60c WHIRLPOOL 396f0cebd849d866db3c768d540c7bb3b4132cd92588666e041e94d1165d22f31cc9026c20ba1635a47ec8ba605cfb62cff47a60521fbaf42b019054490b3b2e

diff --git a/app-admin/sudo/sudo-1.8.20_p2.ebuild b/app-admin/sudo/sudo-1.8.20_p2.ebuild
index 678d138..b17e72c 100644
--- a/app-admin/sudo/sudo-1.8.20_p2.ebuild
+++ b/app-admin/sudo/sudo-1.8.20_p2.ebuild
@@ -23,7 +23,7 @@ SRC_URI="http://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
 LICENSE="ISC BSD"
 SLOT="0"
 if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then
-	KEYWORDS="amd64 arm ~mips ppc x86"
+	KEYWORDS="x86"
 fi
 IUSE="gcrypt ldap nls pam offensive openssl selinux skey +sendmail"
 

[gentoo-commits] proj/musl:master commit in: app-admin/sudo/

[Anthony G. Basile]

commit:     ee8622181ae7714d834c6c03f1bf9bfb3a922ecc
Author:     stefson <herrtimson <AT> yahoo <DOT> de>
AuthorDate: Sun Jun 17 08:18:03 2018 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Jun 17 09:37:31 2018 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=ee862218

app-admin/sudo: revbump

 app-admin/sudo/Manifest                            |  2 +-
 ...sudo-1.8.20_p2.ebuild => sudo-1.8.22-r2.ebuild} | 24 ++++++++++++++--------
 2 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/app-admin/sudo/Manifest b/app-admin/sudo/Manifest
index 8650e38..87e58ff 100644
--- a/app-admin/sudo/Manifest
+++ b/app-admin/sudo/Manifest
@@ -1 +1 @@
-DIST sudo-1.8.20p2.tar.gz 2930769 SHA256 bd42ae1059e935f795c69ea97b3de09fe9410a58a74b5d5e6836eb5067a445d9 SHA512 8bf67e687f7a84605fdef8d547b5cd661141b6c8fd25820c33c7e37e97ca7f21f564c3bae691f8a8cd08df7d80338e36a8f06bb5086cc104509d71d6ab1bceda WHIRLPOOL 4e9b6ddaba8cdb4d82358e01252136af56ae50f656f9802285471c7c1e5c831d26aa07cb78205f63ea6098f98846911938681a89256afe5419372039d0e4e792
+DIST sudo-1.8.22.tar.gz 3029051 BLAKE2B c77e05b6e9cee738902d6289327fb5d34d19833d96597f983d8af01434d224dd698f9257b0965a0e480e8d19eb38eef0c8216942ca5217c3fe7516cdf397f7b7 SHA512 5ce10a9302d25bb726e347499d26a0b3697446cfcdf0fd9094ee35198db7b023d5250a53fdcb4184d1a09f5fd2a78fc645bc8e80f265666b05a91f62f49b0695

diff --git a/app-admin/sudo/sudo-1.8.20_p2.ebuild b/app-admin/sudo/sudo-1.8.22-r2.ebuild
similarity index 91%
rename from app-admin/sudo/sudo-1.8.20_p2.ebuild
rename to app-admin/sudo/sudo-1.8.22-r2.ebuild
index b17e72c..4aa5303 100644
--- a/app-admin/sudo/sudo-1.8.20_p2.ebuild
+++ b/app-admin/sudo/sudo-1.8.22-r2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=6
@@ -14,8 +14,8 @@ case ${P} in
 esac
 
 DESCRIPTION="Allows users or groups to run commands as other users"
-HOMEPAGE="http://www.sudo.ws/"
-SRC_URI="http://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
+HOMEPAGE="https://www.sudo.ws/"
+SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
 	ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"
 
 # Basic license is ISC-style as-is, some files are released under
@@ -25,12 +25,13 @@ SLOT="0"
 if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then
 	KEYWORDS="x86"
 fi
-IUSE="gcrypt ldap nls pam offensive openssl selinux skey +sendmail"
+IUSE="gcrypt ldap nls pam offensive openssl sasl selinux +sendmail skey"
 
 CDEPEND="
 	gcrypt? ( dev-libs/libgcrypt:= )
 	openssl? ( dev-libs/openssl:0= )
 	pam? ( virtual/pam )
+	sasl? ( dev-libs/cyrus-sasl )
 	skey? ( >=sys-auth/skey-1.1.5-r1 )
 	ldap? (
 		>=net-nds/openldap-2.1.30-r1
@@ -129,6 +130,7 @@ src_configure() {
 		$(use_enable gcrypt)
 		$(use_enable nls)
 		$(use_enable openssl)
+		$(use_enable sasl)
 		$(use_with offensive insults)
 		$(use_with offensive all-insults)
 		$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo)
@@ -142,7 +144,6 @@ src_configure() {
 	if [[ $(tc-arch) == x86 ]]; then
 		myeconfargs=( --disable-hardening )
 	fi
-
 	econf "${myeconfargs[@]}"
 }
 
@@ -172,15 +173,22 @@ src_install() {
 
 	pamd_mimic system-auth sudo auth account session
 
-	keepdir /var/db/sudo
-	fperms 0700 /var/db/sudo
+	keepdir /var/db/sudo/lectured
+	fperms 0700 /var/db/sudo/lectured
+	fperms 0711 /var/db/sudo #652958
 
 	# Don't install into /var/run as that is a tmpfs most of the time
 	# (bug #504854)
-	rm -rf "${D}"/var/run
+	rm -rf "${ED}"/var/run
 }
 
 pkg_postinst() {
+	#652958
+	local sudo_db="${EROOT}/var/db/sudo"
+	if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then
+		chmod 711 "${sudo_db}" || die
+	fi
+
 	if use ldap ; then
 		ewarn
 		ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."

[gentoo-commits] proj/musl:master commit in: app-admin/sudo/

[Anthony G. Basile]

commit:     cdc9710d440dc0d4d7c8884a16f2254ef1c7ee03
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 29 14:38:28 2018 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Dec 29 14:38:28 2018 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=cdc9710d

app-admin/sudo: in tree version works

Signed-off-by: Anthony G. Basile <blueness <AT> gentoo.org>

 app-admin/sudo/Manifest              |   1 -
 app-admin/sudo/metadata.xml          |  33 -----
 app-admin/sudo/sudo-1.8.22-r2.ebuild | 229 -----------------------------------
 3 files changed, 263 deletions(-)

diff --git a/app-admin/sudo/Manifest b/app-admin/sudo/Manifest
deleted file mode 100644
index 87e58ff..0000000
--- a/app-admin/sudo/Manifest
+++ /dev/null
@@ -1 +0,0 @@
-DIST sudo-1.8.22.tar.gz 3029051 BLAKE2B c77e05b6e9cee738902d6289327fb5d34d19833d96597f983d8af01434d224dd698f9257b0965a0e480e8d19eb38eef0c8216942ca5217c3fe7516cdf397f7b7 SHA512 5ce10a9302d25bb726e347499d26a0b3697446cfcdf0fd9094ee35198db7b023d5250a53fdcb4184d1a09f5fd2a78fc645bc8e80f265666b05a91f62f49b0695

diff --git a/app-admin/sudo/metadata.xml b/app-admin/sudo/metadata.xml
deleted file mode 100644
index 1625b90..0000000
--- a/app-admin/sudo/metadata.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-  <maintainer type="project">
-    <email>base-system@gentoo.org</email>
-    <name>Gentoo Base System</name>
-  </maintainer>
-  <longdescription lang="en">
-    Sudo (superuser do) allows a system administrator to give certain
-    users (or groups of users) the ability to run some (or all)
-    commands as root or another user while logging the commands and
-    arguments.
-  </longdescription>
-  <use>
-	<flag name="gcrypt">
-		Use SHA2 from <pkg>dev-libs/libgcrypt</pkg>
-		instead of sudo's internal SHA2.
-	</flag>
-	<flag name="offensive">
-		Let sudo print insults when the user types the wrong password.
-	</flag>
-	<flag name="openssl">
-		Use SHA2 from <pkg>dev-libs/openssl</pkg>
-		instead of sudo's internal SHA2.
-	</flag>
-	<flag name="sendmail">
-		Allow sudo to send emails with sendmail.
-	</flag>
-  </use>
-  <upstream>
-    <remote-id type="cpe">cpe:/a:todd_miller:sudo</remote-id>
-  </upstream>
-</pkgmetadata>

diff --git a/app-admin/sudo/sudo-1.8.22-r2.ebuild b/app-admin/sudo/sudo-1.8.22-r2.ebuild
deleted file mode 100644
index 4aa5303..0000000
--- a/app-admin/sudo/sudo-1.8.22-r2.ebuild
+++ /dev/null
@@ -1,229 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit eutils pam multilib libtool
-
-MY_P=${P/_/}
-MY_P=${MY_P/beta/b}
-
-uri_prefix=
-case ${P} in
-	*_beta*|*_rc*) uri_prefix=beta/ ;;
-esac
-
-DESCRIPTION="Allows users or groups to run commands as other users"
-HOMEPAGE="https://www.sudo.ws/"
-SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
-	ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"
-
-# Basic license is ISC-style as-is, some files are released under
-# 3-clause BSD license
-LICENSE="ISC BSD"
-SLOT="0"
-if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then
-	KEYWORDS="x86"
-fi
-IUSE="gcrypt ldap nls pam offensive openssl sasl selinux +sendmail skey"
-
-CDEPEND="
-	gcrypt? ( dev-libs/libgcrypt:= )
-	openssl? ( dev-libs/openssl:0= )
-	pam? ( virtual/pam )
-	sasl? ( dev-libs/cyrus-sasl )
-	skey? ( >=sys-auth/skey-1.1.5-r1 )
-	ldap? (
-		>=net-nds/openldap-2.1.30-r1
-		dev-libs/cyrus-sasl
-	)
-	sys-libs/zlib
-"
-RDEPEND="
-	${CDEPEND}
-	selinux? ( sec-policy/selinux-sudo )
-	ldap? ( dev-lang/perl )
-	pam? ( sys-auth/pambase )
-	>=app-misc/editor-wrapper-3
-	virtual/editor
-	sendmail? ( virtual/mta )
-"
-DEPEND="
-	${CDEPEND}
-	sys-devel/bison
-"
-
-S="${WORKDIR}/${MY_P}"
-
-REQUIRED_USE="
-	pam? ( !skey )
-	skey? ( !pam )
-	?? ( gcrypt openssl )
-"
-
-MAKEOPTS+=" SAMPLES="
-
-src_prepare() {
-	default
-	elibtoolize
-}
-
-set_rootpath() {
-	# FIXME: secure_path is a compile time setting. using ROOTPATH
-	# is not perfect, env-update may invalidate this, but until it
-	# is available as a sudoers setting this will have to do.
-	einfo "Setting secure_path ..."
-
-	# first extract the default ROOTPATH from build env
-	ROOTPATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; echo "${ROOTPATH}")
-	if [[ -z ${ROOTPATH} ]] ; then
-		ewarn "	Failed to find ROOTPATH, please report this"
-	fi
-
-	# then remove duplicate path entries
-	cleanpath() {
-		local newpath thisp IFS=:
-		for thisp in $1 ; do
-			if [[ :${newpath}: != *:${thisp}:* ]] ; then
-				newpath+=:$thisp
-			else
-				einfo "   Duplicate entry ${thisp} removed..."
-			fi
-		done
-		ROOTPATH=${newpath#:}
-	}
-	cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}}
-
-	# finally, strip gcc paths #136027
-	rmpath() {
-		local e newpath thisp IFS=:
-		for thisp in ${ROOTPATH} ; do
-			for e ; do [[ $thisp == $e ]] && continue 2 ; done
-			newpath+=:$thisp
-		done
-		ROOTPATH=${newpath#:}
-	}
-	rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'
-
-	einfo "... done"
-}
-
-src_configure() {
-	local ROOTPATH
-	set_rootpath
-
-	# audit: somebody got to explain me how I can test this before I
-	# enable it.. - Diego
-	# plugindir: autoconf code is crappy and does not delay evaluation
-	# until `make` time, so we have to use a full path here rather than
-	# basing off other values.
-	myeconfargs=(
-		--enable-zlib=system
-		--with-editor="${EPREFIX}"/usr/libexec/editor
-		--with-env-editor
-		--with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo
-		--with-rundir="${EPREFIX}"/var/run/sudo
-		--with-secure-path="${ROOTPATH}"
-		--with-vardir="${EPREFIX}"/var/db/sudo
-		--without-linux-audit
-		--without-opie
-		$(use_enable gcrypt)
-		$(use_enable nls)
-		$(use_enable openssl)
-		$(use_enable sasl)
-		$(use_with offensive insults)
-		$(use_with offensive all-insults)
-		$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo)
-		$(use_with ldap)
-		$(use_with pam)
-		$(use_with skey)
-		$(use_with selinux)
-		$(use_with sendmail)
-	)
-
-	if [[ $(tc-arch) == x86 ]]; then
-		myeconfargs=( --disable-hardening )
-	fi
-	econf "${myeconfargs[@]}"
-}
-
-src_install() {
-	default
-
-	if use ldap ; then
-		dodoc README.LDAP
-		dosbin plugins/sudoers/sudoers2ldif
-
-		cat <<-EOF > "${T}"/ldap.conf.sudo
-		# See ldap.conf(5) and README.LDAP for details
-		# This file should only be readable by root
-
-		# supported directives: host, port, ssl, ldap_version
-		# uri, binddn, bindpw, sudoers_base, sudoers_debug
-		# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}
-		EOF
-
-		insinto /etc
-		doins "${T}"/ldap.conf.sudo
-		fperms 0440 /etc/ldap.conf.sudo
-
-		insinto /etc/openldap/schema
-		newins doc/schema.OpenLDAP sudo.schema
-	fi
-
-	pamd_mimic system-auth sudo auth account session
-
-	keepdir /var/db/sudo/lectured
-	fperms 0700 /var/db/sudo/lectured
-	fperms 0711 /var/db/sudo #652958
-
-	# Don't install into /var/run as that is a tmpfs most of the time
-	# (bug #504854)
-	rm -rf "${ED}"/var/run
-}
-
-pkg_postinst() {
-	#652958
-	local sudo_db="${EROOT}/var/db/sudo"
-	if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then
-		chmod 711 "${sudo_db}" || die
-	fi
-
-	if use ldap ; then
-		ewarn
-		ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."
-		ewarn
-		if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then
-			ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
-			ewarn "configured in /etc/nsswitch.conf."
-			ewarn
-			ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:"
-			ewarn "  sudoers: ldap files"
-			ewarn
-		fi
-	fi
-	if use prefix ; then
-		ewarn
-		ewarn "To use sudo, you need to change file ownership and permissions"
-		ewarn "with root privileges, as follows:"
-		ewarn
-		ewarn "  # chown root:root ${EPREFIX}/usr/bin/sudo"
-		ewarn "  # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"
-		ewarn "  # chown root:root ${EPREFIX}/etc/sudoers"
-		ewarn "  # chown root:root ${EPREFIX}/etc/sudoers.d"
-		ewarn "  # chown root:root ${EPREFIX}/var/db/sudo"
-		ewarn "  # chmod 4111 ${EPREFIX}/usr/bin/sudo"
-		ewarn
-	fi
-
-	elog "To use the -A (askpass) option, you need to install a compatible"
-	elog "password program from the following list. Starred packages will"
-	elog "automatically register for the use with sudo (but will not force"
-	elog "the -A option):"
-	elog ""
-	elog " [*] net-misc/ssh-askpass-fullscreen"
-	elog "     net-misc/x11-ssh-askpass"
-	elog ""
-	elog "You can override the choice by setting the SUDO_ASKPASS environmnent"
-	elog "variable to the program you want to use."
-}