commit: 29c55bb31c9ab70d0ff0235432ab646b29f77188
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 24 17:32:06 2020 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Nov 24 17:32:16 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=29c55bb3
app-admin/sudo: Removed old
Package-Manager: Portage-3.0.10, Repoman-3.0.2
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
app-admin/sudo/Manifest | 1 -
app-admin/sudo/files/sudo-1.9.2-glibc-2.32.patch | 308 -----------------------
app-admin/sudo/sudo-1.9.2-r1.ebuild | 265 -------------------
app-admin/sudo/sudo-1.9.2.ebuild | 263 -------------------
4 files changed, 837 deletions(-)
diff --git a/app-admin/sudo/Manifest b/app-admin/sudo/Manifest
index 46bb87376cb..af5d1aa60cb 100644
--- a/app-admin/sudo/Manifest
+++ b/app-admin/sudo/Manifest
@@ -1,3 +1,2 @@
-DIST sudo-1.9.2.tar.gz 3890859 BLAKE2B
879917b8045c999a17ef36006732509aa546ee6bb04de77191fb637aa0420d54f9e51ec69b697c22119d638393e9c84efcc1ca5e6e8ee5f0c08bb1ca07f3acea
SHA512
20afdf2604b1c93395157382b24f225cd1ff88d3a892362e2d69fecd240c4e7171f05032c08be1778cd1dea6e460025e4241f57272fac0ea3550e220b6d73d21
DIST sudo-1.9.3p1.tar.gz 3958071 BLAKE2B
b681c120faa5dc7f25e27c1be423d68cea70f63dcdfea2183fd386a34dec0376555453399d3f8886c66c6507343648d40b59a058710432154061b210df2a704c
SHA512
3ad13fd03e5b371fd6bf7909731ffc11431d2182a744b654f7e5d4b810e47955d49bc78f551afe13ec56acbce694139c33a15bc022cea41b17af5496b8b7f89f
DIST sudo-1.9.4rc1.tar.gz 3990112 BLAKE2B
f08f5651c6688bcf9ebaf95fcadeb5a78e7f78201d1d67fb9808b950df1f882b80b162acb79ee37c2b786045286202746fcb82c4659d57cafdfe74d4da79e86e
SHA512
cf745dd1f798097fff38b6c74e9446005e589990b3580ba42e1af6bd68fbf084d6da836795a83f5222274ffff305a0899aae103723e68fd1c0ccaee7f16a477a
diff --git a/app-admin/sudo/files/sudo-1.9.2-glibc-2.32.patch
b/app-admin/sudo/files/sudo-1.9.2-glibc-2.32.patch
deleted file mode 100644
index 6134fe736d0..00000000000
--- a/app-admin/sudo/files/sudo-1.9.2-glibc-2.32.patch
+++ /dev/null
@@ -1,308 +0,0 @@
-
-# HG changeset patch
-# User Todd C. Miller <todd.mil...@sudo.ws>
-# Date 1598395693 21600
-# Node ID e30482f26924b07775d87ae591e54ad72e794d5e
-# Parent 1ede927d99b3cb06ba514c9fd2fd7fa9a014a1b2
-Use sigabbrev_np(3) to access signal abbreviations if supported.
-glibc-2.32 has removed sys_sigabbrev[], we can use sigabbrev_np(3) instead.
-
-diff -r 1ede927d99b3 -r e30482f26924 config.h.in
---- a/config.h.in Mon Aug 17 19:37:09 2020 -0600
-+++ b/config.h.in Tue Aug 25 16:48:13 2020 -0600
-@@ -740,6 +740,9 @@
- /* Define to 1 if you have the `sig2str' function. */
- #undef HAVE_SIG2STR
-
-+/* Define to 1 if you have the `sigabbrev_np' function. */
-+#undef HAVE_SIGABBREV_NP
-+
- /* Define to 1 if you use S/Key. */
- #undef HAVE_SKEY
-
-diff -r 1ede927d99b3 -r e30482f26924 configure
---- a/configure Mon Aug 17 19:37:09 2020 -0600
-+++ b/configure Tue Aug 25 16:48:13 2020 -0600
-@@ -23687,9 +23687,21 @@
-
-
- if test x"${ac_cv_func_sig2str}${ac_cv_func_str2sig}" != x"yesyes"; then
-- COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }strsig_test"
-- HAVE_SIGNAME="false"
-- ac_fn_c_check_decl "$LINENO" "sys_signame" "ac_cv_have_decl_sys_signame" "
-+ for ac_func in sigabbrev_np
-+do :
-+ ac_fn_c_check_func "$LINENO" "sigabbrev_np" "ac_cv_func_sigabbrev_np"
-+if test "x$ac_cv_func_sigabbrev_np" = xyes; then :
-+ cat >>confdefs.h <<_ACEOF
-+#define HAVE_SIGABBREV_NP 1
-+_ACEOF
-+
-+fi
-+done
-+
-+ if test x"${ac_cv_func_sigabbrev_np}" != x"yes"; then
-+ COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+
}strsig_test"
-+ HAVE_SIGNAME="false"
-+ ac_fn_c_check_decl "$LINENO" "sys_signame"
"ac_cv_have_decl_sys_signame" "
- $ac_includes_default
- #include <signal.h>
-
-@@ -23705,7 +23717,7 @@
- _ACEOF
- if test $ac_have_decl = 1; then :
-
-- HAVE_SIGNAME="true"
-+ HAVE_SIGNAME="true"
-
- fi
- ac_fn_c_check_decl "$LINENO" "_sys_signame" "ac_cv_have_decl__sys_signame" "
-@@ -23724,7 +23736,7 @@
- _ACEOF
- if test $ac_have_decl = 1; then :
-
-- HAVE_SIGNAME="true"
-+ HAVE_SIGNAME="true"
-
- fi
- ac_fn_c_check_decl "$LINENO" "sys_sigabbrev" "ac_cv_have_decl_sys_sigabbrev" "
-@@ -23743,12 +23755,12 @@
- _ACEOF
- if test $ac_have_decl = 1; then :
-
-- HAVE_SIGNAME="true"
--
--fi
--
-- if test "$HAVE_SIGNAME" != "true"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for undeclared
sys_sigabbrev" >&5
-+ HAVE_SIGNAME="true"
-+
-+fi
-+
-+ if test "$HAVE_SIGNAME" != "true"; then
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for undeclared
sys_sigabbrev" >&5
- $as_echo_n "checking for undeclared sys_sigabbrev... " >&6; }
- if ${sudo_cv_var_sys_sigabbrev+:} false; then :
- $as_echo_n "(cached) " >&6
-@@ -23777,17 +23789,18 @@
- fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_sys_sigabbrev"
>&5
- $as_echo "$sudo_cv_var_sys_sigabbrev" >&6; }
-- if test "$sudo_cv_var_sys_sigabbrev" = yes; then
-- $as_echo "#define HAVE_SYS_SIGABBREV 1" >>confdefs.h
--
-- else
-- case " $LIBOBJS " in
-+ if test "$sudo_cv_var_sys_sigabbrev" = yes; then
-+ $as_echo "#define HAVE_SYS_SIGABBREV 1" >>confdefs.h
-+
-+ else
-+ case " $LIBOBJS " in
- *" signame.$ac_objext "* ) ;;
- *) LIBOBJS="$LIBOBJS signame.$ac_objext"
- ;;
- esac
-
-- SIGNAME=signame.lo
-+ SIGNAME=signame.lo
-+ fi
- fi
- fi
- fi
-diff -r 1ede927d99b3 -r e30482f26924 configure.ac
---- a/configure.ac Mon Aug 17 19:37:09 2020 -0600
-+++ b/configure.ac Tue Aug 25 16:48:13 2020 -0600
-@@ -3498,29 +3498,32 @@
- dnl Also enable unit tests for sig2str() and str2sig().
- dnl
- if test x"${ac_cv_func_sig2str}${ac_cv_func_str2sig}" != x"yesyes"; then
-- COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }strsig_test"
-- HAVE_SIGNAME="false"
-- AC_CHECK_DECLS([sys_signame, _sys_signame, sys_sigabbrev], [
-- HAVE_SIGNAME="true"
-- ], [ ], [
-+ AC_CHECK_FUNCS([sigabbrev_np])
-+ if test x"${ac_cv_func_sigabbrev_np}" != x"yes"; then
-+ COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+
}strsig_test"
-+ HAVE_SIGNAME="false"
-+ AC_CHECK_DECLS([sys_signame, _sys_signame, sys_sigabbrev], [
-+ HAVE_SIGNAME="true"
-+ ], [ ], [
- AC_INCLUDES_DEFAULT
- #include <signal.h>
-- ])
-- if test "$HAVE_SIGNAME" != "true"; then
-- AC_CACHE_CHECK([for undeclared sys_sigabbrev],
-- [sudo_cv_var_sys_sigabbrev],
-- [AC_LINK_IFELSE(
-- [AC_LANG_PROGRAM([[extern char **sys_sigabbrev;]], [[return
sys_sigabbrev[1];]])],
-- [sudo_cv_var_sys_sigabbrev=yes],
-- [sudo_cv_var_sys_sigabbrev=no]
-- )
-- ]
-- )
-- if test "$sudo_cv_var_sys_sigabbrev" = yes; then
-- AC_DEFINE(HAVE_SYS_SIGABBREV)
-- else
-- AC_LIBOBJ(signame)
-- SIGNAME=signame.lo
-+ ])
-+ if test "$HAVE_SIGNAME" != "true"; then
-+ AC_CACHE_CHECK([for undeclared sys_sigabbrev],
-+ [sudo_cv_var_sys_sigabbrev],
-+ [AC_LINK_IFELSE(
-+ [AC_LANG_PROGRAM([[extern char **sys_sigabbrev;]], [[return
sys_sigabbrev[1];]])],
-+ [sudo_cv_var_sys_sigabbrev=yes],
-+ [sudo_cv_var_sys_sigabbrev=no]
-+ )
-+ ]
-+ )
-+ if test "$sudo_cv_var_sys_sigabbrev" = yes; then
-+ AC_DEFINE(HAVE_SYS_SIGABBREV)
-+ else
-+ AC_LIBOBJ(signame)
-+ SIGNAME=signame.lo
-+ fi
- fi
- fi
- fi
-diff -r 1ede927d99b3 -r e30482f26924 lib/util/sig2str.c
---- a/lib/util/sig2str.c Mon Aug 17 19:37:09 2020 -0600
-+++ b/lib/util/sig2str.c Tue Aug 25 16:48:13 2020 -0600
-@@ -1,7 +1,7 @@
- /*
- * SPDX-License-Identifier: ISC
- *
-- * Copyright (c) 2012-2015, 2017-2019 Todd C. Miller <todd.mil...@sudo.ws>
-+ * Copyright (c) 2012-2015, 2017-2020 Todd C. Miller <todd.mil...@sudo.ws>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
-@@ -32,20 +32,24 @@
- #include <unistd.h>
-
- #include "sudo_compat.h"
-+#include "sudo_util.h"
-
--#if defined(HAVE_DECL_SYS_SIGNAME) && HAVE_DECL_SYS_SIGNAME == 1
--# define sudo_sys_signame sys_signame
--#elif defined(HAVE_DECL__SYS_SIGNAME) && HAVE_DECL__SYS_SIGNAME == 1
--# define sudo_sys_signame _sys_signame
--#elif defined(HAVE_DECL_SYS_SIGABBREV) && HAVE_DECL_SYS_SIGABBREV == 1
--# define sudo_sys_signame sys_sigabbrev
--#else
--# ifdef HAVE_SYS_SIGABBREV
-- /* sys_sigabbrev is not declared by glibc */
--# define sudo_sys_signame sys_sigabbrev
-+#if !defined(HAVE_SIGABBREV_NP)
-+# if defined(HAVE_DECL_SYS_SIGNAME) && HAVE_DECL_SYS_SIGNAME == 1
-+# define sigabbrev_np(_x) sys_signame[(_x)]
-+# elif defined(HAVE_DECL__SYS_SIGNAME) && HAVE_DECL__SYS_SIGNAME == 1
-+# define sigabbrev_np(_x) _sys_signame[(_x)]
-+# elif defined(HAVE_SYS_SIGABBREV)
-+# define sigabbrev_np(_x) sys_sigabbrev[(_x)]
-+# if defined(HAVE_DECL_SYS_SIGABBREV) && HAVE_DECL_SYS_SIGABBREV == 0
-+ /* sys_sigabbrev is not declared by glibc */
-+ extern const char *const sys_sigabbrev[NSIG];
-+# endif
-+# else
-+# define sigabbrev_np(_x) sudo_sys_signame[(_x)]
-+ extern const char *const sudo_sys_signame[NSIG];
- # endif
--extern const char *const sudo_sys_signame[NSIG];
--#endif
-+#endif /* !HAVE_SIGABBREV_NP */
-
- /*
- * Translate signal number to name.
-@@ -77,15 +81,18 @@
- return 0;
- }
- #endif
-- if (signo > 0 && signo < NSIG && sudo_sys_signame[signo] != NULL) {
-- strlcpy(signame, sudo_sys_signame[signo], SIG2STR_MAX);
-- /* Make sure we always return an upper case signame. */
-- if (islower((unsigned char)signame[0])) {
-- int i;
-- for (i = 0; signame[i] != '\0'; i++)
-- signame[i] = toupper((unsigned char)signame[i]);
-+ if (signo > 0 && signo < NSIG) {
-+ const char *cp = sigabbrev_np(signo);
-+ if (cp != NULL) {
-+ strlcpy(signame, cp, SIG2STR_MAX);
-+ /* Make sure we always return an upper case signame. */
-+ if (islower((unsigned char)signame[0])) {
-+ int i;
-+ for (i = 0; signame[i] != '\0'; i++)
-+ signame[i] = toupper((unsigned char)signame[i]);
-+ }
-+ return 0;
- }
-- return 0;
- }
- errno = EINVAL;
- return -1;
-diff -r 1ede927d99b3 -r e30482f26924 lib/util/str2sig.c
---- a/lib/util/str2sig.c Mon Aug 17 19:37:09 2020 -0600
-+++ b/lib/util/str2sig.c Tue Aug 25 16:48:13 2020 -0600
-@@ -1,7 +1,7 @@
- /*
- * SPDX-License-Identifier: ISC
- *
-- * Copyright (c) 2019 Todd C. Miller <todd.mil...@sudo.ws>
-+ * Copyright (c) 2019-2020 Todd C. Miller <todd.mil...@sudo.ws>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
-@@ -37,19 +37,22 @@
- #include "sudo_compat.h"
- #include "sudo_util.h"
-
--#if defined(HAVE_DECL_SYS_SIGNAME) && HAVE_DECL_SYS_SIGNAME == 1
--# define sudo_sys_signame sys_signame
--#elif defined(HAVE_DECL__SYS_SIGNAME) && HAVE_DECL__SYS_SIGNAME == 1
--# define sudo_sys_signame _sys_signame
--#elif defined(HAVE_DECL_SYS_SIGABBREV) && HAVE_DECL_SYS_SIGABBREV == 1
--# define sudo_sys_signame sys_sigabbrev
--#else
--# ifdef HAVE_SYS_SIGABBREV
-- /* sys_sigabbrev is not declared by glibc */
--# define sudo_sys_signame sys_sigabbrev
-+#if !defined(HAVE_SIGABBREV_NP)
-+# if defined(HAVE_DECL_SYS_SIGNAME) && HAVE_DECL_SYS_SIGNAME == 1
-+# define sigabbrev_np(_x) sys_signame[(_x)]
-+# elif defined(HAVE_DECL__SYS_SIGNAME) && HAVE_DECL__SYS_SIGNAME == 1
-+# define sigabbrev_np(_x) _sys_signame[(_x)]
-+# elif defined(HAVE_SYS_SIGABBREV)
-+# define sigabbrev_np(_x) sys_sigabbrev[(_x)]
-+# if defined(HAVE_DECL_SYS_SIGABBREV) && HAVE_DECL_SYS_SIGABBREV == 0
-+ /* sys_sigabbrev is not declared by glibc */
-+ extern const char *const sys_sigabbrev[NSIG];
-+# endif
-+# else
-+# define sigabbrev_np(_x) sudo_sys_signame[(_x)]
-+ extern const char *const sudo_sys_signame[NSIG];
- # endif
--extern const char *const sudo_sys_signame[NSIG];
--#endif
-+#endif /* !HAVE_SIGABBREV_NP */
-
- /*
- * Many systems use aliases for source backward compatibility.
-@@ -154,11 +157,11 @@
- }
- }
-
-- /* Check sys_signame[]. */
- for (signo = 1; signo < NSIG; signo++) {
-- if (sudo_sys_signame[signo] != NULL) {
-+ const char *cp = sigabbrev_np(signo);
-+ if (cp != NULL) {
- /* On macOS sys_signame[] may contain lower-case names. */
-- if (strcasecmp(signame, sudo_sys_signame[signo]) == 0) {
-+ if (strcasecmp(signame, cp) == 0) {
- *result = signo;
- return 0;
- }
-
diff --git a/app-admin/sudo/sudo-1.9.2-r1.ebuild
b/app-admin/sudo/sudo-1.9.2-r1.ebuild
deleted file mode 100644
index 1f1f6e60dd3..00000000000
--- a/app-admin/sudo/sudo-1.9.2-r1.ebuild
+++ /dev/null
@@ -1,265 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit pam multilib libtool systemd tmpfiles
-
-MY_P="${P/_/}"
-MY_P="${MY_P/beta/b}"
-
-DESCRIPTION="Allows users or groups to run commands as other users"
-HOMEPAGE="https://www.sudo.ws/";
-if [[ ${PV} == "9999" ]] ; then
- inherit mercurial
- EHG_REPO_URI="https://www.sudo.ws/repos/sudo";
-else
- uri_prefix=
- case ${P} in
- *_beta*|*_rc*) uri_prefix=beta/ ;;
- esac
-
- SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
- ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz";
- if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips
~ppc ~ppc64 ~s390 ~sparc ~x86 ~sparc-solaris"
- fi
-fi
-
-# Basic license is ISC-style as-is, some files are released under
-# 3-clause BSD license
-LICENSE="ISC BSD"
-SLOT="0"
-IUSE="gcrypt ldap libressl nls offensive pam sasl +secure-path selinux
+sendmail skey ssl sssd"
-
-DEPEND="
- sys-libs/zlib:=
- gcrypt? ( dev-libs/libgcrypt:= )
- ldap? (
- >=net-nds/openldap-2.1.30-r1
- sasl? (
- dev-libs/cyrus-sasl
- net-nds/openldap[sasl]
- )
- )
- pam? ( sys-libs/pam )
- sasl? ( dev-libs/cyrus-sasl )
- skey? ( >=sys-auth/skey-1.1.5-r1 )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:0= )
- )
- sssd? ( sys-auth/sssd[sudo] )
-"
-RDEPEND="
- ${DEPEND}
- >=app-misc/editor-wrapper-3
- virtual/editor
- ldap? ( dev-lang/perl )
- pam? ( sys-auth/pambase )
- selinux? ( sec-policy/selinux-sudo )
- sendmail? ( virtual/mta )
-"
-BDEPEND="
- sys-devel/bison
- virtual/pkgconfig
-"
-
-S="${WORKDIR}/${MY_P}"
-
-REQUIRED_USE="
- pam? ( !skey )
- skey? ( !pam )
-"
-
-REQUIRED_USE="?? ( gcrypt ssl )"
-
-MAKEOPTS+=" SAMPLES="
-
-PATCHES=( "${FILESDIR}/${P}-glibc-2.32.patch" ) # drop for releases after
1.9.2
-
-src_prepare() {
- default
- elibtoolize
-}
-
-set_secure_path() {
- # FIXME: secure_path is a compile time setting. using PATH or
- # ROOTPATH is not perfect, env-update may invalidate this, but until it
- # is available as a sudoers setting this will have to do.
- einfo "Setting secure_path ..."
-
- # first extract the default ROOTPATH from build env
- SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env;
- echo "${ROOTPATH}")
- case "${SECURE_PATH}" in
- */usr/sbin*) ;;
- *) SECURE_PATH=$(unset PATH;
- . "${EPREFIX}"/etc/profile.env; echo "${PATH}")
- ;;
- esac
- if [[ -z ${SECURE_PATH} ]] ; then
- ewarn " Failed to detect SECURE_PATH, please report this"
- fi
-
- # then remove duplicate path entries
- cleanpath() {
- local newpath thisp IFS=:
- for thisp in $1 ; do
- if [[ :${newpath}: != *:${thisp}:* ]] ; then
- newpath+=:${thisp}
- else
- einfo " Duplicate entry ${thisp} removed..."
- fi
- done
- SECURE_PATH=${newpath#:}
- }
- cleanpath
/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}}
-
- # finally, strip gcc paths #136027
- rmpath() {
- local e newpath thisp IFS=:
- for thisp in ${SECURE_PATH} ; do
- for e ; do [[ ${thisp} == ${e} ]] && continue 2 ; done
- newpath+=:${thisp}
- done
- SECURE_PATH=${newpath#:}
- }
- rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'
-
- einfo "... done"
-}
-
-src_configure() {
- local SECURE_PATH
- set_secure_path
-
- # audit: somebody got to explain me how I can test this before I
- # enable it.. - Diego
- # plugindir: autoconf code is crappy and does not delay evaluation
- # until `make` time, so we have to use a full path here rather than
- # basing off other values.
- myeconfargs=(
- # requires some python eclass
- --disable-python
- --enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d
- --enable-zlib=system
- --with-editor="${EPREFIX}"/usr/libexec/editor
- --with-env-editor
- --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo
- --with-rundir="${EPREFIX}"/run/sudo
- --with-vardir="${EPREFIX}"/var/db/sudo
- --without-linux-audit
- --without-opie
- $(use_enable gcrypt)
- $(use_enable nls)
- $(use_enable sasl)
- $(use_enable ssl openssl)
- $(use_with ldap)
- $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo)
- $(use_with offensive insults)
- $(use_with offensive all-insults)
- $(use_with pam)
- $(use_with pam pam-login)
- $(use_with secure-path secure-path "${SECURE_PATH}")
- $(use_with selinux)
- $(use_with sendmail)
- $(use_with skey)
- $(use_with sssd)
- )
-
- econf "${myeconfargs[@]}"
-}
-
-src_install() {
- default
-
- if use ldap ; then
- dodoc README.LDAP
-
- cat <<-EOF > "${T}"/ldap.conf.sudo
- # See ldap.conf(5) and README.LDAP for details
- # This file should only be readable by root
-
- # supported directives: host, port, ssl, ldap_version
- # uri, binddn, bindpw, sudoers_base, sudoers_debug
- # tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}
- EOF
-
- if use sasl ; then
- cat <<-EOF >> "${T}"/ldap.conf.sudo
-
- # SASL directives: use_sasl, sasl_mech, sasl_auth_id
- # sasl_secprops, rootuse_sasl, rootsasl_auth_id,
krb5_ccname
- EOF
- fi
-
- insinto /etc
- doins "${T}"/ldap.conf.sudo
- fperms 0440 /etc/ldap.conf.sudo
-
- insinto /etc/openldap/schema
- newins doc/schema.OpenLDAP sudo.schema
- fi
-
- pamd_mimic system-auth sudo auth account session
- pamd_mimic system-auth sudo-i auth account session
-
- keepdir /var/db/sudo/lectured
- fperms 0700 /var/db/sudo/lectured
- fperms 0711 /var/db/sudo #652958
-
- # Don't install into /run as that is a tmpfs most of the time
- # (bug #504854)
- rm -rf "${ED}"/run || die
-
- find "${ED}" -type f -name "*.la" -delete || die #697812
-}
-
-pkg_postinst() {
- tmpfiles_process sudo.conf
-
- #652958
- local sudo_db="${EROOT}/var/db/sudo"
- if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then
- chmod 711 "${sudo_db}" || die
- fi
-
- if use ldap ; then
- ewarn
- ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap
configuration."
- ewarn
- if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf
; then
- ewarn "In 1.7 series, LDAP is no more consulted, unless
explicitly"
- ewarn "configured in /etc/nsswitch.conf."
- ewarn
- ewarn "To make use of LDAP, add this line to your
/etc/nsswitch.conf:"
- ewarn " sudoers: ldap files"
- ewarn
- fi
- fi
- if use prefix ; then
- ewarn
- ewarn "To use sudo, you need to change file ownership and
permissions"
- ewarn "with root privileges, as follows:"
- ewarn
- ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo"
- ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"
- ewarn " # chown root:root ${EPREFIX}/etc/sudoers"
- ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d"
- ewarn " # chown root:root ${EPREFIX}/var/db/sudo"
- ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo"
- ewarn
- fi
-
- elog "To use the -A (askpass) option, you need to install a compatible"
- elog "password program from the following list. Starred packages will"
- elog "automatically register for the use with sudo (but will not force"
- elog "the -A option):"
- elog ""
- elog " [*] net-misc/ssh-askpass-fullscreen"
- elog " net-misc/x11-ssh-askpass"
- elog ""
- elog "You can override the choice by setting the SUDO_ASKPASS
environmnent"
- elog "variable to the program you want to use."
-}
diff --git a/app-admin/sudo/sudo-1.9.2.ebuild b/app-admin/sudo/sudo-1.9.2.ebuild
deleted file mode 100644
index ff902d2d4e1..00000000000
--- a/app-admin/sudo/sudo-1.9.2.ebuild
+++ /dev/null
@@ -1,263 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit pam multilib libtool systemd tmpfiles
-
-MY_P="${P/_/}"
-MY_P="${MY_P/beta/b}"
-
-DESCRIPTION="Allows users or groups to run commands as other users"
-HOMEPAGE="https://www.sudo.ws/";
-if [[ ${PV} == "9999" ]] ; then
- inherit mercurial
- EHG_REPO_URI="https://www.sudo.ws/repos/sudo";
-else
- uri_prefix=
- case ${P} in
- *_beta*|*_rc*) uri_prefix=beta/ ;;
- esac
-
- SRC_URI="https://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
- ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz";
- if [[ ${PV} != *_beta* ]] && [[ ${PV} != *_rc* ]] ; then
- KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc
ppc64 s390 sparc x86 ~sparc-solaris"
- fi
-fi
-
-# Basic license is ISC-style as-is, some files are released under
-# 3-clause BSD license
-LICENSE="ISC BSD"
-SLOT="0"
-IUSE="gcrypt ldap libressl nls offensive pam sasl +secure-path selinux
+sendmail skey ssl sssd"
-
-DEPEND="
- sys-libs/zlib:=
- gcrypt? ( dev-libs/libgcrypt:= )
- ldap? (
- >=net-nds/openldap-2.1.30-r1
- sasl? (
- dev-libs/cyrus-sasl
- net-nds/openldap[sasl]
- )
- )
- pam? ( sys-libs/pam )
- sasl? ( dev-libs/cyrus-sasl )
- skey? ( >=sys-auth/skey-1.1.5-r1 )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:0= )
- )
- sssd? ( sys-auth/sssd[sudo] )
-"
-RDEPEND="
- ${DEPEND}
- >=app-misc/editor-wrapper-3
- virtual/editor
- ldap? ( dev-lang/perl )
- pam? ( sys-auth/pambase )
- selinux? ( sec-policy/selinux-sudo )
- sendmail? ( virtual/mta )
-"
-BDEPEND="
- sys-devel/bison
- virtual/pkgconfig
-"
-
-S="${WORKDIR}/${MY_P}"
-
-REQUIRED_USE="
- pam? ( !skey )
- skey? ( !pam )
-"
-
-REQUIRED_USE="?? ( gcrypt ssl )"
-
-MAKEOPTS+=" SAMPLES="
-
-src_prepare() {
- default
- elibtoolize
-}
-
-set_secure_path() {
- # FIXME: secure_path is a compile time setting. using PATH or
- # ROOTPATH is not perfect, env-update may invalidate this, but until it
- # is available as a sudoers setting this will have to do.
- einfo "Setting secure_path ..."
-
- # first extract the default ROOTPATH from build env
- SECURE_PATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env;
- echo "${ROOTPATH}")
- case "${SECURE_PATH}" in
- */usr/sbin*) ;;
- *) SECURE_PATH=$(unset PATH;
- . "${EPREFIX}"/etc/profile.env; echo "${PATH}")
- ;;
- esac
- if [[ -z ${SECURE_PATH} ]] ; then
- ewarn " Failed to detect SECURE_PATH, please report this"
- fi
-
- # then remove duplicate path entries
- cleanpath() {
- local newpath thisp IFS=:
- for thisp in $1 ; do
- if [[ :${newpath}: != *:${thisp}:* ]] ; then
- newpath+=:${thisp}
- else
- einfo " Duplicate entry ${thisp} removed..."
- fi
- done
- SECURE_PATH=${newpath#:}
- }
- cleanpath
/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${SECURE_PATH:+:${SECURE_PATH}}
-
- # finally, strip gcc paths #136027
- rmpath() {
- local e newpath thisp IFS=:
- for thisp in ${SECURE_PATH} ; do
- for e ; do [[ ${thisp} == ${e} ]] && continue 2 ; done
- newpath+=:${thisp}
- done
- SECURE_PATH=${newpath#:}
- }
- rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'
-
- einfo "... done"
-}
-
-src_configure() {
- local SECURE_PATH
- set_secure_path
-
- # audit: somebody got to explain me how I can test this before I
- # enable it.. - Diego
- # plugindir: autoconf code is crappy and does not delay evaluation
- # until `make` time, so we have to use a full path here rather than
- # basing off other values.
- myeconfargs=(
- # requires some python eclass
- --disable-python
- --enable-tmpfiles.d="${EPREFIX}"/usr/lib/tmpfiles.d
- --enable-zlib=system
- --with-editor="${EPREFIX}"/usr/libexec/editor
- --with-env-editor
- --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo
- --with-rundir="${EPREFIX}"/run/sudo
- --with-vardir="${EPREFIX}"/var/db/sudo
- --without-linux-audit
- --without-opie
- $(use_enable gcrypt)
- $(use_enable nls)
- $(use_enable sasl)
- $(use_enable ssl openssl)
- $(use_with ldap)
- $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo)
- $(use_with offensive insults)
- $(use_with offensive all-insults)
- $(use_with pam)
- $(use_with pam pam-login)
- $(use_with secure-path secure-path "${SECURE_PATH}")
- $(use_with selinux)
- $(use_with sendmail)
- $(use_with skey)
- $(use_with sssd)
- )
-
- econf "${myeconfargs[@]}"
-}
-
-src_install() {
- default
-
- if use ldap ; then
- dodoc README.LDAP
-
- cat <<-EOF > "${T}"/ldap.conf.sudo
- # See ldap.conf(5) and README.LDAP for details
- # This file should only be readable by root
-
- # supported directives: host, port, ssl, ldap_version
- # uri, binddn, bindpw, sudoers_base, sudoers_debug
- # tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}
- EOF
-
- if use sasl ; then
- cat <<-EOF >> "${T}"/ldap.conf.sudo
-
- # SASL directives: use_sasl, sasl_mech, sasl_auth_id
- # sasl_secprops, rootuse_sasl, rootsasl_auth_id,
krb5_ccname
- EOF
- fi
-
- insinto /etc
- doins "${T}"/ldap.conf.sudo
- fperms 0440 /etc/ldap.conf.sudo
-
- insinto /etc/openldap/schema
- newins doc/schema.OpenLDAP sudo.schema
- fi
-
- pamd_mimic system-auth sudo auth account session
- pamd_mimic system-auth sudo-i auth account session
-
- keepdir /var/db/sudo/lectured
- fperms 0700 /var/db/sudo/lectured
- fperms 0711 /var/db/sudo #652958
-
- # Don't install into /run as that is a tmpfs most of the time
- # (bug #504854)
- rm -rf "${ED}"/run || die
-
- find "${ED}" -type f -name "*.la" -delete || die #697812
-}
-
-pkg_postinst() {
- tmpfiles_process sudo.conf
-
- #652958
- local sudo_db="${EROOT}/var/db/sudo"
- if [[ "$(stat -c %a "${sudo_db}")" -ne 711 ]] ; then
- chmod 711 "${sudo_db}" || die
- fi
-
- if use ldap ; then
- ewarn
- ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap
configuration."
- ewarn
- if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf
; then
- ewarn "In 1.7 series, LDAP is no more consulted, unless
explicitly"
- ewarn "configured in /etc/nsswitch.conf."
- ewarn
- ewarn "To make use of LDAP, add this line to your
/etc/nsswitch.conf:"
- ewarn " sudoers: ldap files"
- ewarn
- fi
- fi
- if use prefix ; then
- ewarn
- ewarn "To use sudo, you need to change file ownership and
permissions"
- ewarn "with root privileges, as follows:"
- ewarn
- ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo"
- ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"
- ewarn " # chown root:root ${EPREFIX}/etc/sudoers"
- ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d"
- ewarn " # chown root:root ${EPREFIX}/var/db/sudo"
- ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo"
- ewarn
- fi
-
- elog "To use the -A (askpass) option, you need to install a compatible"
- elog "password program from the following list. Starred packages will"
- elog "automatically register for the use with sudo (but will not force"
- elog "the -A option):"
- elog ""
- elog " [*] net-misc/ssh-askpass-fullscreen"
- elog " net-misc/x11-ssh-askpass"
- elog ""
- elog "You can override the choice by setting the SUDO_ASKPASS
environmnent"
- elog "variable to the program you want to use."
-}
