diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/Manifest b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/Manifest
index db973590ea..5a30d2da6a 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/Manifest
@@ -1 +1 @@
-DIST sudo-1.8.23.tar.gz 3150674 BLAKE2B 11b1c7bfa372005cda8baf651c4662f6fd15e94ca77f7705b23ca6573424796d5c1f8e47e2874c4b54017141d01a632885ac60c92346d932537048373cad0ede SHA512 a9d61850a4857bfd075547a13efb13b054e4736e3ebe3c8a98a90a090b1d9b9688354ec9725fc99d1d256999b6f9c6ae6215ce9770fcdebd7f24731107b48342
+DIST sudo-1.8.25p1.tar.gz 3189951 BLAKE2B ebfedaad62e60f625db8c46a5c8f19977a5ec0a86bab3b34d91096c08e8b8ece056ba312f9fecd4cdd704fc17d49a36681b41cd40269df7c67cd66d80c0d8efb SHA512 b1445be688d3c1dd7efbdfab68977a7a9b6fd6887191dc99ca717117eec0a550492642556cd55ca5873d054ddc5ccc2b87b2c34602e1ffc729ab6fbc4e523a72
diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/metadata.xml b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/metadata.xml
index fd239654c5..66a78473b2 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/metadata.xml
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/metadata.xml
@@ -16,6 +16,7 @@
Let sudo print insults when the user types the wrong password
Use SHA2 from dev-libs/openssl instead of sudo's internal SHA2
Allow sudo to send emails with sendmail
+ Add System Security Services Daemon support
cpe:/a:todd_miller:sudo
diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.8.23.ebuild b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.8.25_p1-r1.ebuild
similarity index 74%
rename from sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.8.23.ebuild
rename to sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.8.25_p1-r1.ebuild
index 7378518071..284b319e05 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.8.23.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.8.25_p1-r1.ebuild
@@ -1,9 +1,13 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=6
-inherit eutils pam multilib libtool
+inherit eutils pam multilib libtool tmpfiles
+if [[ ${PV} == "9999" ]] ; then
+ EHG_REPO_URI="https://www.sudo.ws/repos/sudo"
+ inherit mercurial
+fi
MY_P=${P/_/}
MY_P=${MY_P/beta/b}
@@ -15,36 +19,40 @@ esac
DESCRIPTION="Allows users or groups to run commands as other users"
HOMEPAGE="https://www.sudo.ws/"
-SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
- ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"
+if [[ ${PV} != "9999" ]] ; then
+ SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
+ ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"
+ if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then
+ KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~sparc-solaris"
+ fi
+fi
# Basic license is ISC-style as-is, some files are released under
# 3-clause BSD license
LICENSE="ISC BSD"
SLOT="0"
-if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then
- KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~sparc-solaris"
-fi
-IUSE="gcrypt ldap nls pam offensive openssl sasl selinux +sendmail skey sssd"
+IUSE="gcrypt ldap nls offensive openssl pam sasl selinux +sendmail skey sssd"
CDEPEND="
+ sys-libs/zlib:=
gcrypt? ( dev-libs/libgcrypt:= )
- openssl? ( dev-libs/openssl:0= )
- pam? ( virtual/pam )
- sasl? ( dev-libs/cyrus-sasl )
- skey? ( >=sys-auth/skey-1.1.5-r1 )
ldap? (
>=net-nds/openldap-2.1.30-r1
dev-libs/cyrus-sasl
)
- sys-libs/zlib
+ openssl? ( dev-libs/openssl:0= )
+ pam? ( virtual/pam )
+ sasl? ( dev-libs/cyrus-sasl )
+ skey? ( >=sys-auth/skey-1.1.5-r1 )
+ sssd? ( sys-auth/sssd[sudo] )
"
RDEPEND="
${CDEPEND}
- selinux? ( sec-policy/selinux-sudo )
- pam? ( sys-auth/pambase )
>=app-misc/editor-wrapper-3
virtual/editor
+ ldap? ( dev-lang/perl )
+ pam? ( sys-auth/pambase )
+ selinux? ( sec-policy/selinux-sudo )
sendmail? ( virtual/mta )
"
DEPEND="
@@ -67,16 +75,23 @@ src_prepare() {
elibtoolize
}
-set_rootpath() {
- # FIXME: secure_path is a compile time setting. using ROOTPATH
- # is not perfect, env-update may invalidate this, but until it
+set_secure_path() {
+ # FIXME: secure_path is a compile time setting. using PATH or
+ # ROOTPATH is not perfect, env-update may invalidate this, but until it
# is available as a sudoers setting this will have to do.
einfo "Setting secure_path ..."
# first extract the default ROOTPATH from build env
- ROOTPATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; echo "${ROOTPATH}")
- if [[ -z ${ROOTPATH} ]] ; then
- ewarn " Failed to find ROOTPATH, please report this"
+ SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env;
+ echo "${ROOTPATH}")
+ case "${SECURE_PATH}" in
+ */usr/sbin*) ;;
+ *) SECURE_PATH=$(unset PATH;
+ . "${EPREFIX}"/etc/profile.env; echo "${PATH}")
+ ;;
+ esac
+ if [[ -z ${SECURE_PATH} ]] ; then
+ ewarn " Failed to detect SECURE_PATH, please report this"
fi
# then remove duplicate path entries
@@ -89,18 +104,18 @@ set_rootpath() {
einfo " Duplicate entry ${thisp} removed..."
fi
done
- ROOTPATH=${newpath#:}
+ SECURE_PATH=${newpath#:}
}
- cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}}
+ cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}}
# finally, strip gcc paths #136027
rmpath() {
local e newpath thisp IFS=:
- for thisp in ${ROOTPATH} ; do
+ for thisp in ${SECURE_PATH} ; do
for e ; do [[ $thisp == $e ]] && continue 2 ; done
newpath+=:$thisp
done
- ROOTPATH=${newpath#:}
+ SECURE_PATH=${newpath#:}
}
rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'
@@ -108,8 +123,8 @@ set_rootpath() {
}
src_configure() {
- local ROOTPATH
- set_rootpath
+ local SECURE_PATH
+ set_secure_path
# audit: somebody got to explain me how I can test this before I
# enable it.. - Diego
@@ -118,11 +133,12 @@ src_configure() {
# basing off other values.
myeconfargs=(
--enable-zlib=system
+ --enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d
--with-editor="${EPREFIX}"/usr/libexec/editor
--with-env-editor
--with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo
- --with-rundir="${EPREFIX}"/var/run/sudo
- --with-secure-path="${ROOTPATH}"
+ --with-rundir="${EPREFIX}"/run/sudo
+ --with-secure-path="${SECURE_PATH}"
--with-vardir="${EPREFIX}"/var/db/sudo
--without-linux-audit
--without-opie
@@ -136,9 +152,9 @@ src_configure() {
$(use_with ldap)
$(use_with pam)
$(use_with skey)
+ $(use_with sssd)
$(use_with selinux)
$(use_with sendmail)
- $(use_with sssd)
)
econf "${myeconfargs[@]}"
}
@@ -161,6 +177,9 @@ src_install() {
insinto /etc
doins "${T}"/ldap.conf.sudo
fperms 0440 /etc/ldap.conf.sudo
+
+ insinto /etc/openldap/schema
+ newins doc/schema.OpenLDAP sudo.schema
fi
pamd_mimic system-auth sudo auth account session
@@ -169,12 +188,14 @@ src_install() {
fperms 0700 /var/db/sudo/lectured
fperms 0711 /var/db/sudo #652958
- # Don't install into /var/run as that is a tmpfs most of the time
+ # Don't install into /run as that is a tmpfs most of the time
# (bug #504854)
- rm -rf "${ED}"/var/run
+ rm -rf "${ED%/}"/run
}
pkg_postinst() {
+ tmpfiles_process sudo.conf
+
#652958
local sudo_db="${EROOT}/var/db/sudo"
if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then
diff --git a/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-admin/sudo-1.8.23 b/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-admin/sudo-1.8.23
deleted file mode 100644
index 391952cbc2..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-admin/sudo-1.8.23
+++ /dev/null
@@ -1,14 +0,0 @@
-DEFINED_PHASES=configure install postinst prepare
-DEPEND=gcrypt? ( dev-libs/libgcrypt:= ) openssl? ( dev-libs/openssl:0= ) pam? ( virtual/pam ) sasl? ( dev-libs/cyrus-sasl ) skey? ( >=sys-auth/skey-1.1.5-r1 ) ldap? ( >=net-nds/openldap-2.1.30-r1 dev-libs/cyrus-sasl ) sys-libs/zlib sys-devel/bison >=app-portage/elt-patches-20170815
-DESCRIPTION=Allows users or groups to run commands as other users
-EAPI=6
-HOMEPAGE=https://www.sudo.ws/
-IUSE=gcrypt ldap nls pam offensive openssl sasl selinux +sendmail skey sssd
-KEYWORDS=~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~sparc-solaris
-LICENSE=ISC BSD
-RDEPEND=gcrypt? ( dev-libs/libgcrypt:= ) openssl? ( dev-libs/openssl:0= ) pam? ( virtual/pam ) sasl? ( dev-libs/cyrus-sasl ) skey? ( >=sys-auth/skey-1.1.5-r1 ) ldap? ( >=net-nds/openldap-2.1.30-r1 dev-libs/cyrus-sasl ) sys-libs/zlib selinux? ( sec-policy/selinux-sudo ) pam? ( sys-auth/pambase ) >=app-misc/editor-wrapper-3 virtual/editor sendmail? ( virtual/mta )
-REQUIRED_USE=pam? ( !skey ) skey? ( !pam ) ?? ( gcrypt openssl )
-SLOT=0
-SRC_URI=https://www.sudo.ws/sudo/dist/sudo-1.8.23.tar.gz ftp://ftp.sudo.ws/pub/sudo/sudo-1.8.23.tar.gz
-_eclasses_=desktop b1d22ac8bdd4679ab79c71aca235009d epatch a1bf4756dba418a7238f3be0cb010c54 estack 43ddf5aaffa7a8d0482df54d25a66a1f eutils 6e6c2737b59a4b982de6fb3ecefd87f8 flag-o-matic 55aaa148741116aa54ad0d80e361818e libtool f143db5a74ccd9ca28c1234deffede96 ltprune 08f9e1d9ee0af8f5d9a7854efbcd8c0e multilib b2f01ad412baf81650c23fcf0975fa33 pam 3e788d86170dfcd5b06824d898315e18 preserve-libs ef207dc62baddfddfd39a164d9797648 toolchain-funcs f164325a2cdb5b3ea39311d483988861 vcs-clean 2a0f74a496fa2b1552c4f3398258b7bf
-_md5_=56028a79359e8e73d5e9c152ae1eaa31
diff --git a/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-admin/sudo-1.8.25_p1-r1 b/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-admin/sudo-1.8.25_p1-r1
new file mode 100644
index 0000000000..19a3d333c5
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-admin/sudo-1.8.25_p1-r1
@@ -0,0 +1,14 @@
+DEFINED_PHASES=configure install postinst prepare
+DEPEND=sys-libs/zlib:= gcrypt? ( dev-libs/libgcrypt:= ) ldap? ( >=net-nds/openldap-2.1.30-r1 dev-libs/cyrus-sasl ) openssl? ( dev-libs/openssl:0= ) pam? ( virtual/pam ) sasl? ( dev-libs/cyrus-sasl ) skey? ( >=sys-auth/skey-1.1.5-r1 ) sssd? ( sys-auth/sssd[sudo] ) sys-devel/bison >=app-portage/elt-patches-20170815
+DESCRIPTION=Allows users or groups to run commands as other users
+EAPI=6
+HOMEPAGE=https://www.sudo.ws/
+IUSE=gcrypt ldap nls offensive openssl pam sasl selinux +sendmail skey sssd
+KEYWORDS=alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~sparc-solaris
+LICENSE=ISC BSD
+RDEPEND=sys-libs/zlib:= gcrypt? ( dev-libs/libgcrypt:= ) ldap? ( >=net-nds/openldap-2.1.30-r1 dev-libs/cyrus-sasl ) openssl? ( dev-libs/openssl:0= ) pam? ( virtual/pam ) sasl? ( dev-libs/cyrus-sasl ) skey? ( >=sys-auth/skey-1.1.5-r1 ) sssd? ( sys-auth/sssd[sudo] ) >=app-misc/editor-wrapper-3 virtual/editor ldap? ( dev-lang/perl ) pam? ( sys-auth/pambase ) selinux? ( sec-policy/selinux-sudo ) sendmail? ( virtual/mta ) virtual/tmpfiles
+REQUIRED_USE=pam? ( !skey ) skey? ( !pam ) ?? ( gcrypt openssl )
+SLOT=0
+SRC_URI=https://www.sudo.ws/sudo/dist/sudo-1.8.25p1.tar.gz ftp://ftp.sudo.ws/pub/sudo/sudo-1.8.25p1.tar.gz
+_eclasses_=desktop b1d22ac8bdd4679ab79c71aca235009d epatch a1bf4756dba418a7238f3be0cb010c54 estack 43ddf5aaffa7a8d0482df54d25a66a1f eutils 6e6c2737b59a4b982de6fb3ecefd87f8 flag-o-matic 55aaa148741116aa54ad0d80e361818e libtool f143db5a74ccd9ca28c1234deffede96 ltprune 08f9e1d9ee0af8f5d9a7854efbcd8c0e multilib b2f01ad412baf81650c23fcf0975fa33 pam 3e788d86170dfcd5b06824d898315e18 preserve-libs ef207dc62baddfddfd39a164d9797648 tmpfiles c8f9ea76ade103890e42d0f339afb64c toolchain-funcs f164325a2cdb5b3ea39311d483988861 vcs-clean 2a0f74a496fa2b1552c4f3398258b7bf
+_md5_=5895eb5b166b6d00d59ca99d0d95558a