summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDoug Goldstein <cardoe@gentoo.org>2016-03-08 09:03:42 -0600
committerDoug Goldstein <cardoe@gentoo.org>2016-03-08 09:04:11 -0600
commit21f8d167c044a4a6846b97ce78c7e52ce7497936 (patch)
tree3179b198500d450bb4aa933c282c4693a8e54e26 /app-admin/sudo
parentapp-emulation/virtualbox-extpack-oracle: No get_libdir in global scope. (diff)
downloadgentoo-21f8d167c044a4a6846b97ce78c7e52ce7497936.tar.gz
gentoo-21f8d167c044a4a6846b97ce78c7e52ce7497936.tar.bz2
gentoo-21f8d167c044a4a6846b97ce78c7e52ce7497936.zip
app-admin/sudo: remove vulnerable versions
Clean up versions vulnerable to CVE-2015-5602 Gentoo-Bug: 564774 Package-Manager: portage-2.2.26 Signed-off-by: Doug Goldstein <cardoe@gentoo.org>
Diffstat (limited to 'app-admin/sudo')
-rw-r--r--app-admin/sudo/Manifest2
-rw-r--r--app-admin/sudo/files/sudo-1.8.12-include-sys-types-h.patch146
-rw-r--r--app-admin/sudo/sudo-1.8.12.ebuild197
-rw-r--r--app-admin/sudo/sudo-1.8.14_p3.ebuild196
4 files changed, 0 insertions, 541 deletions
diff --git a/app-admin/sudo/Manifest b/app-admin/sudo/Manifest
index 91f8db96501f..185cd436983d 100644
--- a/app-admin/sudo/Manifest
+++ b/app-admin/sudo/Manifest
@@ -1,3 +1 @@
-DIST sudo-1.8.12.tar.gz 2493373 SHA256 163b51841de8ad19276581a6782d61f5948f1f72a0a843371a1c167d3dc4f3b0 SHA512 1815343eceb7cfa6e37c961ce1c68cf96fc290356b92078d6d24a2c85d8b7a7236df78d3ff7f5e30eba492dc8407346d884e01c0b989eef4414156cfec80b67b WHIRLPOOL 0d9e618937a08b9bf74aaebf12f5b9f96afd827728f90fa95b6a2a4f932cc84240d56674aa903062247068ec5aa3369b14bad64130caeb313330286510c2d3f6
-DIST sudo-1.8.14p3.tar.gz 2570892 SHA256 a8a697cbb113859058944850d098464618254804cf97961dee926429f00a1237 SHA512 022e75a4171c0d9b87569adc5b08afc1b8f2adb7dbc6c80dfb737029dbca560a08e317ce37f117b614f36b54666ed01559a72d0c92523a5a2ee3531f520d7a2b WHIRLPOOL 143ff1c464b539e79172cd0340a089739207d2b99fc01d183a27b24b5172c834d6ed0f7258116542ffa559a3a4c3540924261170655dd7bedb449f8d93496bbd
DIST sudo-1.8.15.tar.gz 2660128 SHA256 4316381708324da8b6cb151f655c1a11855207c7c02244d8ffdea5104d7cc308 SHA512 f2bff92104ddc4cbea8c788da446043cbfe02c977cedf18d46b1c82e98d7227432cb5a61233e7a06af84e3637f906edd5e02bb88c03a2ce4a16df410469a5dab WHIRLPOOL 3da64eda51f22d7fc0ea76f0693e9960d511b7c762b5d6237318d17436fd64b58ae90caa9bf4e125ebee70b83eac7cba2c7451fb62fafd8ee3d133c4ae2037b9
diff --git a/app-admin/sudo/files/sudo-1.8.12-include-sys-types-h.patch b/app-admin/sudo/files/sudo-1.8.12-include-sys-types-h.patch
deleted file mode 100644
index f33748669e97..000000000000
--- a/app-admin/sudo/files/sudo-1.8.12-include-sys-types-h.patch
+++ /dev/null
@@ -1,146 +0,0 @@
-This fixes builds on uClibc and musl. See
-https://bugs.gentoo.org/show_bug.cgi?id=544756
-
-This patch is a slight modification of uptream commits:
-http://www.sudo.ws/repos/sudo/rev/86eb67f3c41a
-http://www.sudo.ws/repos/sudo/rev/e0794f05e95c
-
-diff -Naur sudo-1.8.12.orig/lib/util/getopt_long.c sudo-1.8.12/lib/util/getopt_long.c
---- sudo-1.8.12.orig/lib/util/getopt_long.c 2015-02-09 18:40:10.000000000 +0000
-+++ sudo-1.8.12/lib/util/getopt_long.c 2015-04-10 19:21:20.337032782 +0000
-@@ -52,6 +52,7 @@
-
- #include <config.h>
-
-+#include <sys/types.h>
- #include <stdio.h>
- #ifdef STDC_HEADERS
- # include <stdlib.h>
-diff -Naur sudo-1.8.12.orig/lib/util/mksiglist.c sudo-1.8.12/lib/util/mksiglist.c
---- sudo-1.8.12.orig/lib/util/mksiglist.c 2015-02-09 18:40:10.000000000 +0000
-+++ sudo-1.8.12/lib/util/mksiglist.c 2015-04-10 19:22:38.719856268 +0000
-@@ -43,6 +43,7 @@
- #include "mksiglist.h"
-
- printf("#include <config.h>\n");
-+ printf("#include <sys/types.h>\n");
- printf("#include <signal.h>\n");
- printf("#include \"sudo_compat.h\"\n\n");
- printf("const char *const sudo_sys_siglist[NSIG] = {\n");
-diff -Naur sudo-1.8.12.orig/lib/util/mksigname.c sudo-1.8.12/lib/util/mksigname.c
---- sudo-1.8.12.orig/lib/util/mksigname.c 2015-02-09 18:40:10.000000000 +0000
-+++ sudo-1.8.12/lib/util/mksigname.c 2015-04-10 19:22:10.738491394 +0000
-@@ -43,6 +43,7 @@
- #include "mksigname.h"
-
- printf("#include <config.h>\n");
-+ printf("#include <sys/types.h>\n");
- printf("#include <signal.h>\n");
- printf("#include \"sudo_compat.h\"\n\n");
- printf("const char *const sudo_sys_signame[NSIG] = {\n");
-diff -Naur sudo-1.8.12.orig/lib/util/regress/fnmatch/fnm_test.c sudo-1.8.12/lib/util/regress/fnmatch/fnm_test.c
---- sudo-1.8.12.orig/lib/util/regress/fnmatch/fnm_test.c 2015-02-09 18:40:10.000000000 +0000
-+++ sudo-1.8.12/lib/util/regress/fnmatch/fnm_test.c 2015-04-10 19:21:20.340032928 +0000
-@@ -6,6 +6,7 @@
-
- #include <config.h>
-
-+#include <sys/types.h>
- #include <stdio.h>
- #include <stdlib.h>
- #ifdef HAVE_STRING_H
-diff -Naur sudo-1.8.12.orig/lib/util/regress/glob/globtest.c sudo-1.8.12/lib/util/regress/glob/globtest.c
---- sudo-1.8.12.orig/lib/util/regress/glob/globtest.c 2015-02-09 18:40:10.000000000 +0000
-+++ sudo-1.8.12/lib/util/regress/glob/globtest.c 2015-04-10 19:21:20.341032977 +0000
-@@ -6,6 +6,7 @@
-
- #include <config.h>
-
-+#include <sys/types.h>
- #include <stdio.h>
- #include <stdlib.h>
- #ifdef HAVE_STRING_H
-diff -Naur sudo-1.8.12.orig/lib/util/sha2.c sudo-1.8.12/lib/util/sha2.c
---- sudo-1.8.12.orig/lib/util/sha2.c 2015-02-09 18:40:09.000000000 +0000
-+++ sudo-1.8.12/lib/util/sha2.c 2015-04-10 19:21:20.342033026 +0000
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2013 Todd C. Miller <Todd.Miller@courtesan.com>
-+ * Copyright (c) 2013-2015 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
-@@ -25,6 +25,7 @@
-
- #include <config.h>
-
-+#include <sys/types.h>
- #include <stdio.h>
- #ifdef STDC_HEADERS
- # include <stdlib.h>
-diff -Naur sudo-1.8.12.orig/plugins/sudoers/regress/parser/check_base64.c sudo-1.8.12/plugins/sudoers/regress/parser/check_base64.c
---- sudo-1.8.12.orig/plugins/sudoers/regress/parser/check_base64.c 2015-02-09 18:40:10.000000000 +0000
-+++ sudo-1.8.12/plugins/sudoers/regress/parser/check_base64.c 2015-04-10 19:21:20.342033026 +0000
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2013 Todd C. Miller <Todd.Miller@courtesan.com>
-+ * Copyright (c) 2013-2015 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
-@@ -16,6 +16,7 @@
-
- #include <config.h>
-
-+#include <sys/types.h>
- #include <stdio.h>
- #ifdef STDC_HEADERS
- # include <stdlib.h>
-diff -Naur sudo-1.8.12.orig/plugins/sudoers/regress/parser/check_digest.c sudo-1.8.12/plugins/sudoers/regress/parser/check_digest.c
---- sudo-1.8.12.orig/plugins/sudoers/regress/parser/check_digest.c 2015-02-09 18:40:10.000000000 +0000
-+++ sudo-1.8.12/plugins/sudoers/regress/parser/check_digest.c 2015-04-10 19:21:20.343033075 +0000
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2013 Todd C. Miller <Todd.Miller@courtesan.com>
-+ * Copyright (c) 2013-2015 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
-@@ -16,6 +16,7 @@
-
- #include <config.h>
-
-+#include <sys/types.h>
- #include <stdio.h>
- #ifdef STDC_HEADERS
- # include <stdlib.h>
-diff -Naur sudo-1.8.12.orig/plugins/sudoers/regress/parser/check_hexchar.c sudo-1.8.12/plugins/sudoers/regress/parser/check_hexchar.c
---- sudo-1.8.12.orig/plugins/sudoers/regress/parser/check_hexchar.c 2015-02-09 18:40:10.000000000 +0000
-+++ sudo-1.8.12/plugins/sudoers/regress/parser/check_hexchar.c 2015-04-10 19:21:20.344033124 +0000
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2014 Todd C. Miller <Todd.Miller@courtesan.com>
-+ * Copyright (c) 2014-2015 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
-@@ -16,6 +16,7 @@
-
- #include <config.h>
-
-+#include <sys/types.h>
- #include <stdio.h>
- #ifdef STDC_HEADERS
- # include <stdlib.h>
-diff -Naur sudo-1.8.12.orig/plugins/sudoers/solaris_audit.c sudo-1.8.12/plugins/sudoers/solaris_audit.c
---- sudo-1.8.12.orig/plugins/sudoers/solaris_audit.c 2015-02-09 18:53:54.000000000 +0000
-+++ sudo-1.8.12/plugins/sudoers/solaris_audit.c 2015-04-10 19:21:20.345033172 +0000
-@@ -15,6 +15,8 @@
- */
-
- #include <config.h>
-+
-+#include <sys/types.h>
- #include <stdarg.h>
- #include <stdio.h>
- #include <stdlib.h>
diff --git a/app-admin/sudo/sudo-1.8.12.ebuild b/app-admin/sudo/sudo-1.8.12.ebuild
deleted file mode 100644
index d1ed25ec38cf..000000000000
--- a/app-admin/sudo/sudo-1.8.12.ebuild
+++ /dev/null
@@ -1,197 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-inherit eutils pam multilib libtool
-
-MY_P=${P/_/}
-MY_P=${MY_P/beta/b}
-
-uri_prefix=
-case ${P} in
-*_beta*|*_rc*) uri_prefix=beta/ ;;
-esac
-
-DESCRIPTION="Allows users or groups to run commands as other users"
-HOMEPAGE="http://www.sudo.ws/"
-SRC_URI="http://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
- ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"
-
-# Basic license is ISC-style as-is, some files are released under
-# 3-clause BSD license
-LICENSE="ISC BSD"
-SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~sparc-solaris"
-IUSE="ldap nls pam offensive selinux skey +sendmail"
-
-DEPEND="pam? ( virtual/pam )
- skey? ( >=sys-auth/skey-1.1.5-r1 )
- ldap? (
- >=net-nds/openldap-2.1.30-r1
- dev-libs/cyrus-sasl
- )
- sys-libs/zlib"
-RDEPEND="${DEPEND}
- selinux? ( sec-policy/selinux-sudo )
- ldap? ( dev-lang/perl )
- pam? ( sys-auth/pambase )
- >=app-misc/editor-wrapper-3
- virtual/editor
- sendmail? ( virtual/mta )"
-DEPEND="${DEPEND}
- sys-devel/bison"
-
-S=${WORKDIR}/${MY_P}
-
-REQUIRED_USE="pam? ( !skey ) skey? ( !pam )"
-
-MAKEOPTS+=" SAMPLES="
-
-src_prepare() {
- epatch "${FILESDIR}"/${P}-include-sys-types-h.patch
- elibtoolize
-}
-
-set_rootpath() {
- # FIXME: secure_path is a compile time setting. using ROOTPATH
- # is not perfect, env-update may invalidate this, but until it
- # is available as a sudoers setting this will have to do.
- einfo "Setting secure_path ..."
-
- # first extract the default ROOTPATH from build env
- ROOTPATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; echo "${ROOTPATH}")
- if [[ -z ${ROOTPATH} ]] ; then
- ewarn " Failed to find ROOTPATH, please report this"
- fi
-
- # then remove duplicate path entries
- cleanpath() {
- local newpath thisp IFS=:
- for thisp in $1 ; do
- if [[ :${newpath}: != *:${thisp}:* ]] ; then
- newpath+=:$thisp
- else
- einfo " Duplicate entry ${thisp} removed..."
- fi
- done
- ROOTPATH=${newpath#:}
- }
- cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}}
-
- # finally, strip gcc paths #136027
- rmpath() {
- local e newpath thisp IFS=:
- for thisp in ${ROOTPATH} ; do
- for e ; do [[ $thisp == $e ]] && continue 2 ; done
- newpath+=:$thisp
- done
- ROOTPATH=${newpath#:}
- }
- rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'
-
- einfo "... done"
-}
-
-src_configure() {
- local ROOTPATH
- set_rootpath
-
- # audit: somebody got to explain me how I can test this before I
- # enable it.. - Diego
- # plugindir: autoconf code is crappy and does not delay evaluation
- # until `make` time, so we have to use a full path here rather than
- # basing off other values.
- econf \
- --enable-zlib=system \
- --with-secure-path="${ROOTPATH}" \
- --with-editor="${EPREFIX}"/usr/libexec/editor \
- --with-env-editor \
- $(use_with offensive insults) \
- $(use_with offensive all-insults) \
- $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) \
- $(use_with ldap) \
- $(use_enable nls) \
- $(use_with pam) \
- $(use_with skey) \
- $(use_with selinux) \
- $(use_with sendmail) \
- --without-opie \
- --without-linux-audit \
- --with-rundir="${EPREFIX}"/var/run/sudo \
- --with-vardir="${EPREFIX}"/var/db/sudo \
- --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo \
- --docdir="${EPREFIX}"/usr/share/doc/${PF}
-}
-
-src_install() {
- default
-
- if use ldap ; then
- dodoc README.LDAP doc/schema.OpenLDAP
- dosbin plugins/sudoers/sudoers2ldif
-
- cat <<-EOF > "${T}"/ldap.conf.sudo
- # See ldap.conf(5) and README.LDAP for details
- # This file should only be readable by root
-
- # supported directives: host, port, ssl, ldap_version
- # uri, binddn, bindpw, sudoers_base, sudoers_debug
- # tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key
- EOF
-
- insinto /etc
- doins "${T}"/ldap.conf.sudo
- fperms 0440 /etc/ldap.conf.sudo
- fi
-
- pamd_mimic system-auth sudo auth account session
-
- keepdir /var/db/sudo
- fperms 0700 /var/db/sudo
-
- # Don't install into /var/run as that is a tmpfs most of the time
- # (bug #504854)
- rm -rf "${D}"/var/run
-}
-
-pkg_postinst() {
- if use ldap ; then
- ewarn
- ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."
- ewarn
- if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then
- ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
- ewarn "configured in /etc/nsswitch.conf."
- ewarn
- ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:"
- ewarn " sudoers: ldap files"
- ewarn
- fi
- fi
- if use prefix ; then
- ewarn
- ewarn "To use sudo, you need to change file ownership and permissions"
- ewarn "with root privileges, as follows:"
- ewarn
- ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo"
- ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"
- ewarn " # chown root:root ${EPREFIX}/etc/sudoers"
- ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d"
- ewarn " # chown root:root ${EPREFIX}/var/db/sudo"
- ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo"
- ewarn
- fi
-
- elog "To use the -A (askpass) option, you need to install a compatible"
- elog "password program from the following list. Starred packages will"
- elog "automatically register for the use with sudo (but will not force"
- elog "the -A option):"
- elog ""
- elog " [*] net-misc/ssh-askpass-fullscreen"
- elog " net-misc/x11-ssh-askpass"
- elog ""
- elog "You can override the choice by setting the SUDO_ASKPASS environmnent"
- elog "variable to the program you want to use."
-}
diff --git a/app-admin/sudo/sudo-1.8.14_p3.ebuild b/app-admin/sudo/sudo-1.8.14_p3.ebuild
deleted file mode 100644
index c4e80afad003..000000000000
--- a/app-admin/sudo/sudo-1.8.14_p3.ebuild
+++ /dev/null
@@ -1,196 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-inherit eutils pam multilib libtool
-
-MY_P=${P/_/}
-MY_P=${MY_P/beta/b}
-
-uri_prefix=
-case ${P} in
-*_beta*|*_rc*) uri_prefix=beta/ ;;
-esac
-
-DESCRIPTION="Allows users or groups to run commands as other users"
-HOMEPAGE="http://www.sudo.ws/"
-SRC_URI="http://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz
- ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz"
-
-# Basic license is ISC-style as-is, some files are released under
-# 3-clause BSD license
-LICENSE="ISC BSD"
-SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~sparc-solaris"
-IUSE="ldap nls pam offensive selinux skey +sendmail"
-
-DEPEND="pam? ( virtual/pam )
- skey? ( >=sys-auth/skey-1.1.5-r1 )
- ldap? (
- >=net-nds/openldap-2.1.30-r1
- dev-libs/cyrus-sasl
- )
- sys-libs/zlib"
-RDEPEND="${DEPEND}
- selinux? ( sec-policy/selinux-sudo )
- ldap? ( dev-lang/perl )
- pam? ( sys-auth/pambase )
- >=app-misc/editor-wrapper-3
- virtual/editor
- sendmail? ( virtual/mta )"
-DEPEND="${DEPEND}
- sys-devel/bison"
-
-S=${WORKDIR}/${MY_P}
-
-REQUIRED_USE="pam? ( !skey ) skey? ( !pam )"
-
-MAKEOPTS+=" SAMPLES="
-
-src_prepare() {
- elibtoolize
-}
-
-set_rootpath() {
- # FIXME: secure_path is a compile time setting. using ROOTPATH
- # is not perfect, env-update may invalidate this, but until it
- # is available as a sudoers setting this will have to do.
- einfo "Setting secure_path ..."
-
- # first extract the default ROOTPATH from build env
- ROOTPATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; echo "${ROOTPATH}")
- if [[ -z ${ROOTPATH} ]] ; then
- ewarn " Failed to find ROOTPATH, please report this"
- fi
-
- # then remove duplicate path entries
- cleanpath() {
- local newpath thisp IFS=:
- for thisp in $1 ; do
- if [[ :${newpath}: != *:${thisp}:* ]] ; then
- newpath+=:$thisp
- else
- einfo " Duplicate entry ${thisp} removed..."
- fi
- done
- ROOTPATH=${newpath#:}
- }
- cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}}
-
- # finally, strip gcc paths #136027
- rmpath() {
- local e newpath thisp IFS=:
- for thisp in ${ROOTPATH} ; do
- for e ; do [[ $thisp == $e ]] && continue 2 ; done
- newpath+=:$thisp
- done
- ROOTPATH=${newpath#:}
- }
- rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*'
-
- einfo "... done"
-}
-
-src_configure() {
- local ROOTPATH
- set_rootpath
-
- # audit: somebody got to explain me how I can test this before I
- # enable it.. - Diego
- # plugindir: autoconf code is crappy and does not delay evaluation
- # until `make` time, so we have to use a full path here rather than
- # basing off other values.
- econf \
- --enable-zlib=system \
- --with-secure-path="${ROOTPATH}" \
- --with-editor="${EPREFIX}"/usr/libexec/editor \
- --with-env-editor \
- $(use_with offensive insults) \
- $(use_with offensive all-insults) \
- $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) \
- $(use_with ldap) \
- $(use_enable nls) \
- $(use_with pam) \
- $(use_with skey) \
- $(use_with selinux) \
- $(use_with sendmail) \
- --without-opie \
- --without-linux-audit \
- --with-rundir="${EPREFIX}"/var/run/sudo \
- --with-vardir="${EPREFIX}"/var/db/sudo \
- --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo \
- --docdir="${EPREFIX}"/usr/share/doc/${PF}
-}
-
-src_install() {
- default
-
- if use ldap ; then
- dodoc README.LDAP doc/schema.OpenLDAP
- dosbin plugins/sudoers/sudoers2ldif
-
- cat <<-EOF > "${T}"/ldap.conf.sudo
- # See ldap.conf(5) and README.LDAP for details
- # This file should only be readable by root
-
- # supported directives: host, port, ssl, ldap_version
- # uri, binddn, bindpw, sudoers_base, sudoers_debug
- # tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key
- EOF
-
- insinto /etc
- doins "${T}"/ldap.conf.sudo
- fperms 0440 /etc/ldap.conf.sudo
- fi
-
- pamd_mimic system-auth sudo auth account session
-
- keepdir /var/db/sudo
- fperms 0700 /var/db/sudo
-
- # Don't install into /var/run as that is a tmpfs most of the time
- # (bug #504854)
- rm -rf "${D}"/var/run
-}
-
-pkg_postinst() {
- if use ldap ; then
- ewarn
- ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration."
- ewarn
- if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then
- ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly"
- ewarn "configured in /etc/nsswitch.conf."
- ewarn
- ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:"
- ewarn " sudoers: ldap files"
- ewarn
- fi
- fi
- if use prefix ; then
- ewarn
- ewarn "To use sudo, you need to change file ownership and permissions"
- ewarn "with root privileges, as follows:"
- ewarn
- ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo"
- ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so"
- ewarn " # chown root:root ${EPREFIX}/etc/sudoers"
- ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d"
- ewarn " # chown root:root ${EPREFIX}/var/db/sudo"
- ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo"
- ewarn
- fi
-
- elog "To use the -A (askpass) option, you need to install a compatible"
- elog "password program from the following list. Starred packages will"
- elog "automatically register for the use with sudo (but will not force"
- elog "the -A option):"
- elog ""
- elog " [*] net-misc/ssh-askpass-fullscreen"
- elog " net-misc/x11-ssh-askpass"
- elog ""
- elog "You can override the choice by setting the SUDO_ASKPASS environmnent"
- elog "variable to the program you want to use."
-}