add-admin/sudo: Sync with Gentoo upstream; updates to 1.9.12_p1

gentoo syncref: 82f5b130cc
Sayan Chowdhury 2022-11-15 05:15:58 +00:00
parent 340f597eae
commit 32089482da
4 changed files with 64 additions and 53 deletions


@ -1,2 +1,2 @@
DIST sudo-1.9.10.tar.gz 4516568 BLAKE2B 94d97379e31b41917616a829cbece3d3fce7dd6ab9d04791b928981c14249c306508298655c19dc59a054ccf7deed4e69e65367cbfe9f6d8b5aba8895cfa6064 SHA512 65cf92b67b64413cb807da8b9602fc90b75e5b30dd1402d682ca36f276a3d6209a8a59c14e463898abc9856bc56263e5ba4bb6d44774f56a2885a9eea4a35375 DIST sudo-1.9.12p1.tar.gz 4908060 BLAKE2B 976d00fb16b0d26b2714a188e379ccba102e0fa67b8ec6278e5435728af0cc9ba23d63db64a87d4e14d59cd52d3f62401943eb7c0f9c33317179ff764a9f950c SHA512 6f564112aa1e0e9cd223adb280bd430d513109c031e52deca308501234dedc0d7418f13cbb9b4249ac58d997cfdae1908c280c26733acbc55dbf9db45dff239a
DIST sudo-1.9.10.tar.gz.sig 566 BLAKE2B 808919c826faa4f63efc283461f9f2089fd745aaf7462bcc41c505e7f978e7d56307202f96548d95844c99236fec10cada8438b935a1e1b6ea3601ee857d6900 SHA512 4ea0b736783b8e7be47645f770d7684d99c31f901177d3527f1ff78f5126d41592a94d36c67762bf5cb941eed80b9f585637aaa81d7f4920576d31a83f447323 DIST sudo-1.9.12p1.tar.gz.sig 566 BLAKE2B 09f51a9f8eddaafc83bc5faac84ef0c0c37148beec025c777c1a19fd6ca88ecf354390f3557c31c74d13944093eb0ad921a2b7bdff04415f901fee549617e5f8 SHA512 6ec0596ad69fd6afc95d15a6e0ff871449e4534a651311371a4a604c258a34af6b41202cd2c636213d3128a811c5824338454cad764e1c05413ef02b551b7ae2


@ -1,8 +0,0 @@
## Flatcar changes
- Remove Perl Runtime Dependency
- Remove OpenLDAP schema files for sudo
```
insinto /etc/openldap/schema
newins doc/schema.OpenLDAP sudo.schema
```
- Remove sudo.conf file as it is shipped via baselayout


@ -20,5 +20,6 @@
</use> </use>
<upstream> <upstream>
<remote-id type="cpe">cpe:/a:todd_miller:sudo</remote-id> <remote-id type="cpe">cpe:/a:todd_miller:sudo</remote-id>
<remote-id type="github">sudo-project/sudo</remote-id>
</upstream> </upstream>
</pkgmetadata> </pkgmetadata>


@ -1,7 +1,7 @@
# Copyright 1999-2022 Gentoo Authors # Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
EAPI=7 EAPI=8
inherit pam libtool tmpfiles toolchain-funcs inherit pam libtool tmpfiles toolchain-funcs
@ -10,30 +10,37 @@ MY_P="${MY_P/beta/b}"
DESCRIPTION="Allows users or groups to run commands as other users" DESCRIPTION="Allows users or groups to run commands as other users"
HOMEPAGE="https://www.sudo.ws/" HOMEPAGE="https://www.sudo.ws/"
if [[ ${PV} == "9999" ]] ; then
if [[ ${PV} == 9999 ]] ; then
inherit mercurial inherit mercurial
EHG_REPO_URI="https://www.sudo.ws/repos/sudo" EHG_REPO_URI="https://www.sudo.ws/repos/sudo"
else else
VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/sudo.ws.asc
inherit verify-sig inherit verify-sig
VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/sudo.ws.asc
BDEPEND+="verify-sig? ( sec-keys/openpgp-keys-sudo )"
uri_prefix= uri_prefix=
case ${P} in case ${P} in
*_beta*|*_rc*) uri_prefix=beta/ ;; *_beta*|*_rc*) uri_prefix=beta/ ;;
esac esac
SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz SRC_URI="
https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz
verify-sig? ( verify-sig? (
https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz.sig https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz.sig
ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz.sig ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz.sig
)" )
if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then "
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~sparc-solaris"
if [[ ${PV} != *_beta* && ${PV} != *_rc* ]] ; then
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~sparc-solaris"
fi fi
BDEPEND+="verify-sig? ( sec-keys/openpgp-keys-sudo )"
fi fi
S="${WORKDIR}/${MY_P}"
# Basic license is ISC-style as-is, some files are released under # Basic license is ISC-style as-is, some files are released under
# 3-clause BSD license # 3-clause BSD license
LICENSE="ISC BSD" LICENSE="ISC BSD"
@ -53,16 +60,16 @@ DEPEND="
) )
pam? ( sys-libs/pam ) pam? ( sys-libs/pam )
sasl? ( dev-libs/cyrus-sasl ) sasl? ( dev-libs/cyrus-sasl )
selinux? ( sys-libs/libselinux )
skey? ( >=sys-auth/skey-1.1.5-r1 ) skey? ( >=sys-auth/skey-1.1.5-r1 )
ssl? ( dev-libs/openssl:0= ) ssl? ( dev-libs/openssl:0= )
sssd? ( sys-auth/sssd[sudo] ) sssd? ( sys-auth/sssd[sudo] )
" "
#Flatcar: Remove Perl runtime dependency
# ldap? ( dev-lang/perl )
RDEPEND=" RDEPEND="
${DEPEND} ${DEPEND}
>=app-misc/editor-wrapper-3 >=app-misc/editor-wrapper-3
virtual/editor virtual/editor
ldap? ( dev-lang/perl )
pam? ( sys-auth/pambase ) pam? ( sys-auth/pambase )
selinux? ( sec-policy/selinux-sudo ) selinux? ( sec-policy/selinux-sudo )
sendmail? ( virtual/mta ) sendmail? ( virtual/mta )
@ -72,8 +79,6 @@ BDEPEND+="
virtual/pkgconfig virtual/pkgconfig
" "
S="${WORKDIR}/${MY_P}"
REQUIRED_USE=" REQUIRED_USE="
?? ( pam skey ) ?? ( pam skey )
?? ( gcrypt ssl ) ?? ( gcrypt ssl )
@ -83,24 +88,27 @@ MAKEOPTS+=" SAMPLES="
src_prepare() { src_prepare() {
default default
elibtoolize elibtoolize
} }
set_secure_path() { set_secure_path() {
# first extract the default ROOTPATH from build env # First extract the default ROOTPATH from build env
SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; echo "${ROOTPATH}")
echo "${ROOTPATH}")
case "${SECURE_PATH}" in case "${SECURE_PATH}" in
*/usr/sbin*) ;; */usr/sbin*)
*) SECURE_PATH=$(unset PATH; ;;
. "${EPREFIX}"/etc/profile.env; echo "${PATH}") *)
;; SECURE_PATH=$(unset PATH; . "${EPREFIX}"/etc/profile.env; echo "${PATH}")
esac ;;
esac
if [[ -z ${SECURE_PATH} ]] ; then if [[ -z ${SECURE_PATH} ]] ; then
ewarn " Failed to detect SECURE_PATH, please report this" ewarn " Failed to detect SECURE_PATH, please report this"
fi fi
# then remove duplicate path entries # Then remove duplicate path entries
cleanpath() { cleanpath() {
local newpath thisp IFS=: local newpath thisp IFS=:
for thisp in $1 ; do for thisp in $1 ; do
@ -114,11 +122,13 @@ set_secure_path() {
} }
cleanpath /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}} cleanpath /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}}
# finally, strip gcc paths #136027 # Finally, strip gcc paths, bug #136027
rmpath() { rmpath() {
local e newpath thisp IFS=: local e newpath thisp IFS=:
for thisp in ${SECURE_PATH} ; do for thisp in ${SECURE_PATH} ; do
for e ; do [[ ${thisp} == ${e} ]] && continue 2 ; done for e ; do
[[ ${thisp} == ${e} ]] && continue 2 ;
done
newpath+=:${thisp} newpath+=:${thisp}
done done
SECURE_PATH=${newpath#:} SECURE_PATH=${newpath#:}
@ -128,15 +138,25 @@ set_secure_path() {
src_configure() { src_configure() {
local SECURE_PATH local SECURE_PATH
set_secure_path
tc-export PKG_CONFIG #767712
# audit: somebody got to explain me how I can test this before I set_secure_path
# bug #767712
tc-export PKG_CONFIG
# - audit: somebody got to explain me how I can test this before I
# enable it.. - Diego # enable it.. - Diego
# plugindir: autoconf code is crappy and does not delay evaluation # - plugindir: autoconf code is crappy and does not delay evaluation
# until `make` time, so we have to use a full path here rather than # until `make` time, so we have to use a full path here rather than
# basing off other values. # basing off other values.
myeconfargs=( local myeconfargs=(
# We set all of the relevant options by ourselves (patched
# into the toolchain) and setting these in the build system
# actually causes a downgrade when using e.g. -D_FORTIFY_SOURCE=3
# (it'll downgrade to =2). So, this has no functional effect on
# the hardening for users. It's safe.
--disable-hardening
# requires some python eclass # requires some python eclass
--disable-python --disable-python
--enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d --enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d
@ -195,34 +215,32 @@ src_install() {
doins "${T}"/ldap.conf.sudo doins "${T}"/ldap.conf.sudo
fperms 0440 /etc/ldap.conf.sudo fperms 0440 /etc/ldap.conf.sudo
#Flatcar: we don't ship OpenLDAP schemas insinto /etc/openldap/schema
newins docs/schema.OpenLDAP sudo.schema
fi fi
if use pam; then if use pam ; then
pamd_mimic system-auth sudo auth account session pamd_mimic system-auth sudo auth account session
pamd_mimic system-auth sudo-i auth account session pamd_mimic system-auth sudo-i auth account session
fi fi
keepdir /var/db/sudo/lectured keepdir /var/db/sudo/lectured
fperms 0700 /var/db/sudo/lectured fperms 0700 /var/db/sudo/lectured
fperms 0711 /var/db/sudo #652958 # bug #652958
fperms 0711 /var/db/sudo
# Don't install into /run as that is a tmpfs most of the time # Don't install into /run as that is a tmpfs most of the time
# (bug #504854) # (bug #504854)
rm -rf "${ED}"/run || die rm -rf "${ED}"/run || die
find "${ED}" -type f -name "*.la" -delete || die #697812 # bug #697812
find "${ED}" -type f -name "*.la" -delete || die
# Flatcar: Remove sudo.conf as it is shipped via baselayout
rm "${ED}/etc/sudo.conf" || die
} }
pkg_postinst() { pkg_postinst() {
tmpfiles_process sudo.conf tmpfiles_process sudo.conf
#652958 # bug #652958
local sudo_db="${EROOT}/var/db/sudo" local sudo_db="${EROOT}/var/db/sudo"
if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then
chmod 711 "${sudo_db}" || die chmod 711 "${sudo_db}" || die
@ -230,20 +248,20 @@ pkg_postinst() {
if use ldap ; then if use ldap ; then
ewarn ewarn
ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration." ewarn "sudo uses the ${ROOT}/etc/ldap.conf.sudo file for ldap configuration."
ewarn ewarn
if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then
ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly" ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
ewarn "configured in /etc/nsswitch.conf." ewarn "configured in ${ROOT}/etc/nsswitch.conf."
ewarn ewarn
ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:" ewarn "To make use of LDAP, add this line to your ${ROOT}/etc/nsswitch.conf:"
ewarn " sudoers: ldap files" ewarn " sudoers: ldap files"
ewarn ewarn
fi fi
fi fi
if use prefix ; then if use prefix ; then
ewarn ewarn
ewarn "To use sudo, you need to change file ownership and permissions" ewarn "To use sudo on Prefix, you need to change file ownership and permissions"
ewarn "with root privileges, as follows:" ewarn "with root privileges, as follows:"
ewarn ewarn
ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo" ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo"
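Review bot: The `--disable-hardening` entry added to `myeconfargs` in `src_configure` switches off the mitigation flags that sudo's own build system would otherwise apply, and the comment above it justifies this only by Gentoo's toolchain having the equivalent options patched in. sudo is installed setuid root, so a tree that syncs this ebuild into a different SDK should check that assumption: whether the toolchain used here carries the same defaults is not visible from this page. I would either drop the flag in this copy until that is confirmed, or extend the comment with something like `# Downstream: verified that the SDK toolchain enables _FORTIFY_SOURCE, stack protector and RELRO/BIND_NOW by default`, ideally backed by a post-build check of the installed binary. The body of `src_configure` continues outside the hunk.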