From 8fa32174f76cb771bbe790d00b2cc27b167f627b Mon Sep 17 00:00:00 2001 From: David Michael Date: Mon, 7 Jan 2019 17:06:08 +0000 Subject: [PATCH] app-admin/sudo: Sync with the latest stable version from Gentoo This switches from /var/run to /run to silence tmpfiles warnings. --- .../coreos-overlay/app-admin/sudo/Manifest | 2 +- .../app-admin/sudo/metadata.xml | 1 + ...1.8.23.ebuild => sudo-1.8.25_p1-r1.ebuild} | 85 ++++++++++++------- .../metadata/md5-cache/app-admin/sudo-1.8.23 | 14 --- .../md5-cache/app-admin/sudo-1.8.25_p1-r1 | 14 +++ 5 files changed, 69 insertions(+), 47 deletions(-) rename sdk_container/src/third_party/coreos-overlay/app-admin/sudo/{sudo-1.8.23.ebuild => sudo-1.8.25_p1-r1.ebuild} (74%) delete mode 100644 sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-admin/sudo-1.8.23 create mode 100644 sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-admin/sudo-1.8.25_p1-r1 diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/Manifest b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/Manifest index db973590ea..5a30d2da6a 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/Manifest @@ -1 +1 @@ -DIST sudo-1.8.23.tar.gz 3150674 BLAKE2B 11b1c7bfa372005cda8baf651c4662f6fd15e94ca77f7705b23ca6573424796d5c1f8e47e2874c4b54017141d01a632885ac60c92346d932537048373cad0ede SHA512 a9d61850a4857bfd075547a13efb13b054e4736e3ebe3c8a98a90a090b1d9b9688354ec9725fc99d1d256999b6f9c6ae6215ce9770fcdebd7f24731107b48342 +DIST sudo-1.8.25p1.tar.gz 3189951 BLAKE2B ebfedaad62e60f625db8c46a5c8f19977a5ec0a86bab3b34d91096c08e8b8ece056ba312f9fecd4cdd704fc17d49a36681b41cd40269df7c67cd66d80c0d8efb SHA512 b1445be688d3c1dd7efbdfab68977a7a9b6fd6887191dc99ca717117eec0a550492642556cd55ca5873d054ddc5ccc2b87b2c34602e1ffc729ab6fbc4e523a72 
diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/metadata.xml b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/metadata.xml index fd239654c5..66a78473b2 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/metadata.xml +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/metadata.xml @@ -16,6 +16,7 @@ Let sudo print insults when the user types the wrong password Use SHA2 from dev-libs/openssl instead of sudo's internal SHA2 Allow sudo to send emails with sendmail + Add System Security Services Daemon support cpe:/a:todd_miller:sudo diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.8.23.ebuild b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.8.25_p1-r1.ebuild similarity index 74% rename from sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.8.23.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.8.25_p1-r1.ebuild index 7378518071..284b319e05 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.8.23.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/sudo/sudo-1.8.25_p1-r1.ebuild @@ -1,9 +1,13 @@ -# Copyright 1999-2018 Gentoo Foundation +# Copyright 1999-2018 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=6 -inherit eutils pam multilib libtool +inherit eutils pam multilib libtool tmpfiles +if [[ ${PV} == "9999" ]] ; then + EHG_REPO_URI="https://www.sudo.ws/repos/sudo" + inherit mercurial +fi MY_P=${P/_/} MY_P=${MY_P/beta/b} 
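Review bot: The new `PV == "9999"` branch at the top of the ebuild inherits `mercurial` and sets `EHG_REPO_URI`, so a live build would fetch whatever the upstream tip is at build time with no Manifest digest behind it; the following hunk sets `SRC_URI` only when `PV != "9999"`. As far as this patch shows, the overlay carries only the pinned 1.8.25_p1-r1 ebuild, so the branch looks unreachable here, but the file should say so. I would add a comment above the block such as `# Live (9999) builds pull the unpinned upstream tip and skip Manifest verification; not for release images.`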
@@ -15,36 +19,40 @@ esac DESCRIPTION="Allows users or groups to run commands as other users" HOMEPAGE="https://www.sudo.ws/" -SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz - ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz" +if [[ ${PV} != "9999" ]] ; then + SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz + ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz" + if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then + KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~sparc-solaris" + fi +fi # Basic license is ISC-style as-is, some files are released under # 3-clause BSD license LICENSE="ISC BSD" SLOT="0" -if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then - KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~sparc-solaris" -fi -IUSE="gcrypt ldap nls pam offensive openssl sasl selinux +sendmail skey sssd" +IUSE="gcrypt ldap nls offensive openssl pam sasl selinux +sendmail skey sssd" CDEPEND=" + sys-libs/zlib:= gcrypt? ( dev-libs/libgcrypt:= ) - openssl? ( dev-libs/openssl:0= ) - pam? ( virtual/pam ) - sasl? ( dev-libs/cyrus-sasl ) - skey? ( >=sys-auth/skey-1.1.5-r1 ) ldap? ( >=net-nds/openldap-2.1.30-r1 dev-libs/cyrus-sasl ) - sys-libs/zlib + openssl? ( dev-libs/openssl:0= ) + pam? ( virtual/pam ) + sasl? ( dev-libs/cyrus-sasl ) + skey? ( >=sys-auth/skey-1.1.5-r1 ) + sssd? ( sys-auth/sssd[sudo] ) " RDEPEND=" ${CDEPEND} - selinux? ( sec-policy/selinux-sudo ) - pam? ( sys-auth/pambase ) >=app-misc/editor-wrapper-3 virtual/editor + ldap? ( dev-lang/perl ) + pam? ( sys-auth/pambase ) + selinux? ( sec-policy/selinux-sudo ) sendmail? ( virtual/mta ) " DEPEND=" 
@@ -67,16 +75,23 @@ src_prepare() { elibtoolize } -set_rootpath() { - # FIXME: secure_path is a compile time setting. using ROOTPATH - # is not perfect, env-update may invalidate this, but until it +set_secure_path() { + # FIXME: secure_path is a compile time setting. using PATH or + # ROOTPATH is not perfect, env-update may invalidate this, but until it # is available as a sudoers setting this will have to do. einfo "Setting secure_path ..." # first extract the default ROOTPATH from build env - ROOTPATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; echo "${ROOTPATH}") - if [[ -z ${ROOTPATH} ]] ; then - ewarn " Failed to find ROOTPATH, please report this" + SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; + echo "${ROOTPATH}") + case "${SECURE_PATH}" in + */usr/sbin*) ;; + *) SECURE_PATH=$(unset PATH; + . "${EPREFIX}"/etc/profile.env; echo "${PATH}") + ;; + esac + if [[ -z ${SECURE_PATH} ]] ; then + ewarn " Failed to detect SECURE_PATH, please report this" fi # then remove duplicate path entries @@ -89,18 +104,18 @@ set_rootpath() { einfo " Duplicate entry ${thisp} removed..." fi done - ROOTPATH=${newpath#:} + SECURE_PATH=${newpath#:} } - cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}} + cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}} # finally, strip gcc paths #136027 rmpath() { local e newpath thisp IFS=: - for thisp in ${ROOTPATH} ; do + for thisp in ${SECURE_PATH} ; do for e ; do [[ $thisp == $e ]] && continue 2 ; done newpath+=:$thisp done - ROOTPATH=${newpath#:} + SECURE_PATH=${newpath#:} } rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*' @@ -108,8 +123,8 @@ set_rootpath() { } src_configure() { - local ROOTPATH - set_rootpath + local SECURE_PATH + set_secure_path # audit: somebody got to explain me how I can test this before I # enable it.. - Diego 
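Review bot: Nothing visible in `set_secure_path` rejects empty or non-absolute entries before the value is compiled into sudo through `--with-secure-path`, and the new `case` fallback in the first hunk widens the input from `ROOTPATH` to the whole `PATH` read out of `${EPREFIX}/etc/profile.env`. An empty element (`a::b`) or a relative one is not a fixed location, which defeats the purpose of secure_path, so it should be dropped at build time. In the `rmpath` loop of the second hunk, `[[ ${thisp} == /* ]] || continue` as the first statement inside `for thisp in ${SECURE_PATH}` would do that, unless `cleanpath` already filters such entries; its body lies partly outside these hunks. A failed detection is also only an `ewarn`, so a comment noting that the build then falls back to the hard-coded list passed to `cleanpath` would help.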
@@ -118,11 +133,12 @@ src_configure() { # basing off other values. myeconfargs=( --enable-zlib=system + --enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d --with-editor="${EPREFIX}"/usr/libexec/editor --with-env-editor --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo - --with-rundir="${EPREFIX}"/var/run/sudo - --with-secure-path="${ROOTPATH}" + --with-rundir="${EPREFIX}"/run/sudo + --with-secure-path="${SECURE_PATH}" --with-vardir="${EPREFIX}"/var/db/sudo --without-linux-audit --without-opie @@ -136,9 +152,9 @@ src_configure() { $(use_with ldap) $(use_with pam) $(use_with skey) + $(use_with sssd) $(use_with selinux) $(use_with sendmail) - $(use_with sssd) ) econf "${myeconfargs[@]}" } @@ -161,6 +177,9 @@ src_install() { insinto /etc doins "${T}"/ldap.conf.sudo fperms 0440 /etc/ldap.conf.sudo + + insinto /etc/openldap/schema + newins doc/schema.OpenLDAP sudo.schema fi pamd_mimic system-auth sudo auth account session @@ -169,12 +188,14 @@ src_install() { fperms 0700 /var/db/sudo/lectured fperms 0711 /var/db/sudo #652958 - # Don't install into /var/run as that is a tmpfs most of the time + # Don't install into /run as that is a tmpfs most of the time # (bug #504854) - rm -rf "${ED}"/var/run + rm -rf "${ED%/}"/run } pkg_postinst() { + tmpfiles_process sudo.conf + #652958 local sudo_db="${EROOT}/var/db/sudo" if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then diff --git a/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-admin/sudo-1.8.23 b/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-admin/sudo-1.8.23 deleted file mode 100644 index 391952cbc2..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-admin/sudo-1.8.23 +++ /dev/null 
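Review bot: The comment above `rm -rf "${ED%/}"/run` in the last hunk explains why the directory is removed from the image but not what recreates it, which matters because `--with-rundir` (first hunk) now points sudo's time stamp directory at `${EPREFIX}/run/sudo`. From the visible lines, that job falls to the tmpfiles.d snippet installed via `--enable-tmpfiles.d` and applied by `tmpfiles_process sudo.conf` in `pkg_postinst`, so the directory's owner and mode presumably come from that snippet rather than from the ebuild. I would extend the comment to `# /run is a tmpfs: drop it from the image; /run/sudo is recreated from tmpfiles.d sudo.conf (bug #504854)`. `pkg_postinst` already checks the mode of `/var/db/sudo` (#652958); it is worth confirming that the shipped sudo.conf creates `/run/sudo` root-owned and not group- or world-writable. `src_install` and `pkg_postinst` both continue outside the hunks.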
@@ -1,14 +0,0 @@ -DEFINED_PHASES=configure install postinst prepare -DEPEND=gcrypt? ( dev-libs/libgcrypt:= ) openssl? ( dev-libs/openssl:0= ) pam? ( virtual/pam ) sasl? ( dev-libs/cyrus-sasl ) skey? ( >=sys-auth/skey-1.1.5-r1 ) ldap? ( >=net-nds/openldap-2.1.30-r1 dev-libs/cyrus-sasl ) sys-libs/zlib sys-devel/bison >=app-portage/elt-patches-20170815 -DESCRIPTION=Allows users or groups to run commands as other users -EAPI=6 -HOMEPAGE=https://www.sudo.ws/ -IUSE=gcrypt ldap nls pam offensive openssl sasl selinux +sendmail skey sssd -KEYWORDS=~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~sparc-solaris -LICENSE=ISC BSD -RDEPEND=gcrypt? ( dev-libs/libgcrypt:= ) openssl? ( dev-libs/openssl:0= ) pam? ( virtual/pam ) sasl? ( dev-libs/cyrus-sasl ) skey? ( >=sys-auth/skey-1.1.5-r1 ) ldap? ( >=net-nds/openldap-2.1.30-r1 dev-libs/cyrus-sasl ) sys-libs/zlib selinux? ( sec-policy/selinux-sudo ) pam? ( sys-auth/pambase ) >=app-misc/editor-wrapper-3 virtual/editor sendmail? ( virtual/mta ) -REQUIRED_USE=pam? ( !skey ) skey? ( !pam ) ?? ( gcrypt openssl ) -SLOT=0 -SRC_URI=https://www.sudo.ws/sudo/dist/sudo-1.8.23.tar.gz ftp://ftp.sudo.ws/pub/sudo/sudo-1.8.23.tar.gz -_eclasses_=desktop b1d22ac8bdd4679ab79c71aca235009d epatch a1bf4756dba418a7238f3be0cb010c54 estack 43ddf5aaffa7a8d0482df54d25a66a1f eutils 6e6c2737b59a4b982de6fb3ecefd87f8 flag-o-matic 55aaa148741116aa54ad0d80e361818e libtool f143db5a74ccd9ca28c1234deffede96 ltprune 08f9e1d9ee0af8f5d9a7854efbcd8c0e multilib b2f01ad412baf81650c23fcf0975fa33 pam 3e788d86170dfcd5b06824d898315e18 preserve-libs ef207dc62baddfddfd39a164d9797648 toolchain-funcs f164325a2cdb5b3ea39311d483988861 vcs-clean 2a0f74a496fa2b1552c4f3398258b7bf -_md5_=56028a79359e8e73d5e9c152ae1eaa31 
diff --git a/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-admin/sudo-1.8.25_p1-r1 b/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-admin/sudo-1.8.25_p1-r1 new file mode 100644 index 0000000000..19a3d333c5 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-admin/sudo-1.8.25_p1-r1 
@@ -0,0 +1,14 @@ +DEFINED_PHASES=configure install postinst prepare +DEPEND=sys-libs/zlib:= gcrypt? ( dev-libs/libgcrypt:= ) ldap? ( >=net-nds/openldap-2.1.30-r1 dev-libs/cyrus-sasl ) openssl? ( dev-libs/openssl:0= ) pam? ( virtual/pam ) sasl? ( dev-libs/cyrus-sasl ) skey? ( >=sys-auth/skey-1.1.5-r1 ) sssd? ( sys-auth/sssd[sudo] ) sys-devel/bison >=app-portage/elt-patches-20170815 +DESCRIPTION=Allows users or groups to run commands as other users +EAPI=6 +HOMEPAGE=https://www.sudo.ws/ +IUSE=gcrypt ldap nls offensive openssl pam sasl selinux +sendmail skey sssd +KEYWORDS=alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~sparc-solaris +LICENSE=ISC BSD +RDEPEND=sys-libs/zlib:= gcrypt? ( dev-libs/libgcrypt:= ) ldap? ( >=net-nds/openldap-2.1.30-r1 dev-libs/cyrus-sasl ) openssl? ( dev-libs/openssl:0= ) pam? ( virtual/pam ) sasl? ( dev-libs/cyrus-sasl ) skey? ( >=sys-auth/skey-1.1.5-r1 ) sssd? ( sys-auth/sssd[sudo] ) >=app-misc/editor-wrapper-3 virtual/editor ldap? ( dev-lang/perl ) pam? ( sys-auth/pambase ) selinux? ( sec-policy/selinux-sudo ) sendmail? ( virtual/mta ) virtual/tmpfiles +REQUIRED_USE=pam? ( !skey ) skey? ( !pam ) ?? ( gcrypt openssl ) +SLOT=0 +SRC_URI=https://www.sudo.ws/sudo/dist/sudo-1.8.25p1.tar.gz ftp://ftp.sudo.ws/pub/sudo/sudo-1.8.25p1.tar.gz +_eclasses_=desktop b1d22ac8bdd4679ab79c71aca235009d epatch a1bf4756dba418a7238f3be0cb010c54 estack 43ddf5aaffa7a8d0482df54d25a66a1f eutils 6e6c2737b59a4b982de6fb3ecefd87f8 flag-o-matic 55aaa148741116aa54ad0d80e361818e libtool f143db5a74ccd9ca28c1234deffede96 ltprune 08f9e1d9ee0af8f5d9a7854efbcd8c0e multilib b2f01ad412baf81650c23fcf0975fa33 pam 3e788d86170dfcd5b06824d898315e18 preserve-libs ef207dc62baddfddfd39a164d9797648 tmpfiles c8f9ea76ade103890e42d0f339afb64c toolchain-funcs f164325a2cdb5b3ea39311d483988861 vcs-clean 2a0f74a496fa2b1552c4f3398258b7bf +_md5_=5895eb5b166b6d00d59ca99d0d95558a