From 1b341e404398d4ed8a763bed2b5cfbd0acd877dc Mon Sep 17 00:00:00 2001 From: Lars Wendler Date: Sat, 6 Jun 2015 16:59:33 +0000 Subject: Removed vulnerable versions Package-Manager: portage-2.2.20/cvs/Linux x86_64 Manifest-Sign-Key: 0x981CA6FC --- app-admin/sudo/ChangeLog | 6 +- app-admin/sudo/Manifest | 24 +++-- app-admin/sudo/sudo-1.8.11_p1.ebuild | 196 ----------------------------------- app-admin/sudo/sudo-1.8.11_p2.ebuild | 196 ----------------------------------- 4 files changed, 19 insertions(+), 403 deletions(-) delete mode 100644 app-admin/sudo/sudo-1.8.11_p1.ebuild delete mode 100644 app-admin/sudo/sudo-1.8.11_p2.ebuild (limited to 'app-admin') diff --git a/app-admin/sudo/ChangeLog b/app-admin/sudo/ChangeLog index 436da6427f18..fb59bfd74098 100644 --- a/app-admin/sudo/ChangeLog +++ b/app-admin/sudo/ChangeLog @@ -1,6 +1,10 @@ # ChangeLog for app-admin/sudo # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/ChangeLog,v 1.389 2015/04/11 15:06:13 zlogene Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/ChangeLog,v 1.390 2015/06/06 16:59:32 polynomial-c Exp $ + + 06 Jun 2015; Lars Wendler -sudo-1.8.11_p1.ebuild, + -sudo-1.8.11_p2.ebuild: + Removed vulnerable versions. 11 Apr 2015; Mikle Kolyada sudo-1.8.12.ebuild: ia64/ppc stable wrt bug #539532 diff --git a/app-admin/sudo/Manifest b/app-admin/sudo/Manifest index 11af9d088d32..0bb0bd78ba4f 100644 --- a/app-admin/sudo/Manifest +++ b/app-admin/sudo/Manifest @@ -2,23 +2,27 @@ Hash: SHA256 AUX sudo-1.8.12-include-sys-types-h.patch 5838 SHA256 c86bd2e0cee16ccda405cf2888097e60f9cc489c43e71482057a4049b6b2dd4a SHA512 d230420b04bd7a8335f67450bcb638caccb5ebba1ee7c96b43343df0ada867095fa931a8743d5b8f78d7cc96a3eb855863de1cfa4723315e705cbed1dc9bd51c WHIRLPOOL adb64000d54d9c7f1c35474feebc0333354b8207740abea2e3f9c6bd6d3f21d80489dcafcd47f4358e6133b8be8062341be30b1d59abb34ba2ae96fe7a10fbe1 -DIST sudo-1.8.11p1.tar.gz 2402012 SHA256 44c275772595a119185336164bb76b6e08f23d38aa0fe0d6bab48812e75d6a43 SHA512 47e49c854698268733d5a79e2ddcb8a23d6cf032fc5f79621318eddda6caac400d9db54b9239b605a1c2b11935e366177b0adadee5fbf1872ffbdc9b16c67cf2 WHIRLPOOL 451a86cf5046440ef7c5ee2640e2bf7d434c9f78748ae1ca2ac8433acb367f6148949b4b9ff4fbf22e5c9d6f834d45c525d749ee2cdc50bb3f5f7f1eb1c776be -DIST sudo-1.8.11p2.tar.gz 2402235 SHA256 8133849418fa18cf6b6bb6893d1855ff7afe21db8923234a00bf045c90fba1ad SHA512 fdd6c14c3738cb7bafec9873c49f96270fdd36c72d14d3fc7e1ef3651275961bf17550ac1f56ed445b394985cbbf602b88f52cda1226e9007bed14a4d4fadbaa WHIRLPOOL a00fcdd34247f1efce2f22e98dea0be7b3109c7448ce749781ed9fe54c8d5f61a0fa922f09a5cda9c962eec230aa8e087b1fa118af6ff29d0f5db8929ccc1d34 DIST sudo-1.8.12.tar.gz 2493373 SHA256 163b51841de8ad19276581a6782d61f5948f1f72a0a843371a1c167d3dc4f3b0 SHA512 1815343eceb7cfa6e37c961ce1c68cf96fc290356b92078d6d24a2c85d8b7a7236df78d3ff7f5e30eba492dc8407346d884e01c0b989eef4414156cfec80b67b WHIRLPOOL 0d9e618937a08b9bf74aaebf12f5b9f96afd827728f90fa95b6a2a4f932cc84240d56674aa903062247068ec5aa3369b14bad64130caeb313330286510c2d3f6 DIST sudo-1.8.13.tar.gz 2515307 SHA256 e374e5edf2c11c00d6916a9f51cb0ad15e51c7b028370fa15169b07e61e05a25 SHA512 d5498ce8136e903a5ee9e6b1e9b69149b2268798f0678bf7fa82d56947c60d0dec1d7ee25df382e2ee05ecb660720af6b6bc24ad1b6493834e158ee3b186d03c WHIRLPOOL b06256020e5c21159f1b7ff7a9849053f89e95c58fce850653e60d625ad71f8cf9caf9421765398ed73d2ca4756483dcd9535dc856e681dc3b8d7c1206ae5553 -EBUILD sudo-1.8.11_p1.ebuild 5619 SHA256 7fe3889f35f4d05dcfb225444a07ee3febecdb17500ddf748a49679412b4808b SHA512 281274e107ac2d171a5c3806c1c69d858378aa1bc49d92ea83ff11d320f25c47c019b45d56bf260cb00193a5c2e225e410ca42b74fef70300bdb71595b11d2fc WHIRLPOOL 0fcdf075445d6d8302c23d1e8d51d6a2153fe5d80d9fb5c496807e1a2606c43a2a5c0058c847ba432b93c48f8e5886be7879cc2a557fc7b41ba802dd74502761 -EBUILD sudo-1.8.11_p2.ebuild 5637 SHA256 323373903e9c1dfe7ca033bad8ea257f50d34fb8dd0e03e277ad1a91e3b5b685 SHA512 8baa6413d284acc8ebde0e3c695451fd55b853870192c394f6175a99274edb6840aca318b3741476f195f98680b84e5de7824cd1a5a9f246795591b283389dc1 WHIRLPOOL 593ae254cb03a27a2480bf084f6d82a3247cf0c1c69437e1d63aed2ace76ad554c435e9e647baf55b060978a75f7d71cb5eac4704439cfa001ccbb4d39c21e30 EBUILD sudo-1.8.12.ebuild 5677 SHA256 3b96b5383510f87a356d5111095fea7390526e89008c04a966e8dda5ac4cd581 SHA512 ae595af16db34e16c325c0696b42b8ec6fe4095327a2e84d69327e2c1d43fbfcb466e7a31f9269414af07b6288e3cd3cf9d1ab90552512ec28ad6b89fee90fbe WHIRLPOOL 092ae1f242683a36c9f38ae25870de4aa06d8de27725a0ccd5ea58a322e455b22cca6371ba8f929b67a848ee7c030bcec175d75fc11e830fc7d24bc191c72247 EBUILD sudo-1.8.13.ebuild 5637 SHA256 e1451074e1055d96a8d3862a681a509e5085d7de809b12f7195f99fd2f3163ec SHA512 a80e61868555083f9453104bad3fbc6e2bfd1af641a07429c676c1e9c804cebe8cb080a0614aaf8ef13927644e59f8330f24b74b17d7b75e4700a247533d8330 WHIRLPOOL 6b0a641ccb091a03c673f0f4adfc4634d0877b862b6391b03bfb784e9cd722d0aa890ffc752175c3e7ec0556729332cfb4e2ef23f3a2701007086fc93f34a7e4 EBUILD sudo-9999.ebuild 5769 SHA256 be272172f9631e9ad20879566907704ad71d3278b1309ac1bb88048737de98de SHA512 cb34bd3f056bb7e605fe2f357b52ef68ab63e0b98551aef0f34b06c78df8f045746aaf6956ac130c0966725ac25f5afcfe695098940a765d4993b15fb666b621 WHIRLPOOL 6d71be1cbfffb94939f36366d3386b809d0932edae0e2dbcc68e0cf1192a4fa247f44600d9d53e0eb0e6a1724ce6c2853ff6b6de041dead9b923d40e72573db2 -MISC ChangeLog 55939 SHA256 0b1b89dcf5d4b260322be30216b2ad10ce57aa35f3e6a3097ff3b18ddfc121e7 SHA512 51a21f8992071fd215465826461d6c7d6ac3e62b2029df5f58f1d84034a2e398077c52fc96b4e815986ed802f625626ae2e63b76a9aef50b7636add77371a9b2 WHIRLPOOL 2885b88c6796a5de0811f30b9fba09f89fe16903d23e2be86cd8ddcc3477ad967faf21ba3add6d2b80e93bf336d5efca68f5ad03399ef0c60ab039f6a4aff355 +MISC ChangeLog 56080 SHA256 1181bec5361253b19728adc2071181c4d66e17c0976fae90e830c1158c1d1021 SHA512 5e9182f6b325ea84666c856971a0e9208cbc758301ba9e46911737d7c2db45113086a43e0f3c3f46c58ec053372897547dc68d4c2ba22f2ae4474420c359e75d WHIRLPOOL ad2cd693cb8b86da6cd2aba299fb8ef3232ef855f87b88d8273a045156fdb19976552ace4cd2dbd839e9e9770139e933d2a4350103d1d7758a538c7b4c448d5c MISC metadata.xml 726 SHA256 242e8a573d76b2163a928259e5226fff2c237b3e9c244860a1430fa79c5b390e SHA512 d0a7e5f53ec823d84e3c38c2bd64ba566d7cbd08c12ebf3e9b9fed10b77ce2e3e951e262f1a307aa8f0819a662559ca6f9bcf86cf05088480413e4534ce299d3 WHIRLPOOL b919b1825e68eb3285523f057fc42b5fde9e59a738ecdb1de0835af827db6284fc66848a10517a215389c4466f21b70e376f3fffc993aa338e47fca971d0af83 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 -iJwEAQEIAAYFAlUpN/UACgkQG9wOWsQutdbwQAQAlHEmhtMTmMaAAYXGcofIKsOn -fzPHx6Ud6xI9MA8FwrQEv0h53ffV2BmFF4bWZehwm8FIEGsXetSMrqa+TxphmbDc -Vo6zRVoTI1Mg2VCbf+4Q3aN2Fjva35KCl0y7+I5RNv7WZHiaC+3cs9fzMN8HecyX -NoQ8xcj6/r/mehA5C1U= -=FDoe +iQIcBAEBCAAGBQJVcyb1AAoJEPiazRVxLXTF0RcP/1YxuCe4U102ditMk1JuniK8 +qfbKKuX2JgFb7yNzaMc+sKNoWHQkUdVpP+0hU+ywwbWcnkk6ufOdZVXmd+8lVAyb +l9yYtNM8xaXdFOBb2Ma1acMXvdZjY7/cNHGxJCwvo0L2rl+uXtCzoFE6WWK/GzQg +xLc81z5oEOZYOQgiecgSB8uxqvCbUs1J1lcLIHrJa6aBKdvosgXnXYVzj/OZRvM2 +uCtJVwyAkYgzqz0rLaF1BTNQSc3AEa38b/HR9vdB25Ia076JZD7jMLxT23Kla381 +OalOSnHzwz4i//bWIW6R4CvSX4xwBftbRzyaTJ81y+85jT3jLW0tWmaPhUPeib6Z +1yyrQeX7JNCCbBDzD1o2/twIU3sq6ea/ZsYPVcXT3+S4kvMRJGXiT1AEuPw6jCN2 +VIdGGgm/nBU715XNcoS0/ZlXB/8zbx7/K/8jK3lQHpUGAJTWEPcG7DnkdyqomqQa +fUMRvZNulIzYf7t8slatKKg5P1Pz2HF+IDzAmZIRWXLBPOmJgu+dDLrwou7JJN5m +Xoft8x762TBotXPUlLfumschHMPj5PcaZ7B57H7m31rvoU0cAO8Q7AwbtWbrBLAG +t16+UCwNz0aRlmw//IvFjtEXQL4bjVgOwgVOV1CZ+ScgNe8nKD6n0m8ojhrwXMJR +zsKp5L+3xy07ir9TPPH/ +=ijcY -----END PGP SIGNATURE----- diff --git a/app-admin/sudo/sudo-1.8.11_p1.ebuild b/app-admin/sudo/sudo-1.8.11_p1.ebuild deleted file mode 100644 index 24987812db43..000000000000 --- a/app-admin/sudo/sudo-1.8.11_p1.ebuild +++ /dev/null @@ -1,196 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/sudo-1.8.11_p1.ebuild,v 1.10 2014/11/02 08:54:56 ago Exp $ - -EAPI=5 - -inherit eutils pam multilib libtool - -MY_P=${P/_/} -MY_P=${MY_P/beta/b} - -uri_prefix= -case ${P} in -*_beta*|*_rc*) uri_prefix=beta/ ;; -esac - -DESCRIPTION="Allows users or groups to run commands as other users" -HOMEPAGE="http://www.sudo.ws/" -SRC_URI="http://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz - ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz" - -# Basic license is ISC-style as-is, some files are released under -# 3-clause BSD license -LICENSE="ISC BSD" -SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~sparc-solaris" -IUSE="ldap nls pam offensive selinux skey +sendmail" - -DEPEND="pam? ( virtual/pam ) - skey? ( >=sys-auth/skey-1.1.5-r1 ) - ldap? ( - >=net-nds/openldap-2.1.30-r1 - dev-libs/cyrus-sasl - ) - sys-libs/zlib" -RDEPEND="${DEPEND} - selinux? ( sec-policy/selinux-sudo ) - ldap? ( dev-lang/perl ) - pam? ( sys-auth/pambase ) - >=app-misc/editor-wrapper-3 - virtual/editor - sendmail? ( virtual/mta )" -DEPEND="${DEPEND} - sys-devel/bison" - -S=${WORKDIR}/${MY_P} - -REQUIRED_USE="pam? ( !skey ) skey? ( !pam )" - -MAKEOPTS+=" SAMPLES=" - -src_prepare() { - elibtoolize -} - -set_rootpath() { - # FIXME: secure_path is a compile time setting. using ROOTPATH - # is not perfect, env-update may invalidate this, but until it - # is available as a sudoers setting this will have to do. - einfo "Setting secure_path ..." - - # first extract the default ROOTPATH from build env - ROOTPATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; echo "${ROOTPATH}") - if [[ -z ${ROOTPATH} ]] ; then - ewarn " Failed to find ROOTPATH, please report this" - fi - - # then remove duplicate path entries - cleanpath() { - local newpath thisp IFS=: - for thisp in $1 ; do - if [[ :${newpath}: != *:${thisp}:* ]] ; then - newpath+=:$thisp - else - einfo " Duplicate entry ${thisp} removed..." - fi - done - ROOTPATH=${newpath#:} - } - cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}} - - # finally, strip gcc paths #136027 - rmpath() { - local e newpath thisp IFS=: - for thisp in ${ROOTPATH} ; do - for e ; do [[ $thisp == $e ]] && continue 2 ; done - newpath+=:$thisp - done - ROOTPATH=${newpath#:} - } - rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*' - - einfo "... done" -} - -src_configure() { - local ROOTPATH - set_rootpath - - # audit: somebody got to explain me how I can test this before I - # enable it.. - Diego - # plugindir: autoconf code is crappy and does not delay evaluation - # until `make` time, so we have to use a full path here rather than - # basing off other values. - econf \ - --enable-zlib=system \ - --with-secure-path="${ROOTPATH}" \ - --with-editor="${EPREFIX}"/usr/libexec/editor \ - --with-env-editor \ - $(use_with offensive insults) \ - $(use_with offensive all-insults) \ - $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) \ - $(use_with ldap) \ - $(use_enable nls) \ - $(use_with pam) \ - $(use_with skey) \ - $(use_with selinux) \ - $(use_with sendmail) \ - --without-opie \ - --without-linux-audit \ - --with-rundir="${EPREFIX}"/var/run/sudo \ - --with-vardir="${EPREFIX}"/var/db/sudo \ - --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo \ - --docdir="${EPREFIX}"/usr/share/doc/${PF} -} - -src_install() { - default - - if use ldap ; then - dodoc README.LDAP doc/schema.OpenLDAP - dosbin plugins/sudoers/sudoers2ldif - - cat <<-EOF > "${T}"/ldap.conf.sudo - # See ldap.conf(5) and README.LDAP for details - # This file should only be readable by root - - # supported directives: host, port, ssl, ldap_version - # uri, binddn, bindpw, sudoers_base, sudoers_debug - # tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key - EOF - - insinto /etc - doins "${T}"/ldap.conf.sudo - fperms 0440 /etc/ldap.conf.sudo - fi - - pamd_mimic system-auth sudo auth account session - - keepdir /var/db/sudo - fperms 0700 /var/db/sudo - - # Don't install into /var/run as that is a tmpfs most of the time - # (bug #504854) - rm -rf "${D}"/var/run -} - -pkg_postinst() { - if use ldap ; then - ewarn - ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration." - ewarn - if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then - ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly" - ewarn "configured in /etc/nsswitch.conf." - ewarn - ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:" - ewarn " sudoers: ldap files" - ewarn - fi - fi - if use prefix ; then - ewarn - ewarn "To use sudo, you need to change file ownership and permissions" - ewarn "with root privileges, as follows:" - ewarn - ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo" - ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so" - ewarn " # chown root:root ${EPREFIX}/etc/sudoers" - ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d" - ewarn " # chown root:root ${EPREFIX}/var/db/sudo" - ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo" - ewarn - fi - - elog "To use the -A (askpass) option, you need to install a compatible" - elog "password program from the following list. Starred packages will" - elog "automatically register for the use with sudo (but will not force" - elog "the -A option):" - elog "" - elog " [*] net-misc/ssh-askpass-fullscreen" - elog " net-misc/x11-ssh-askpass" - elog "" - elog "You can override the choice by setting the SUDO_ASKPASS environmnent" - elog "variable to the program you want to use." -} diff --git a/app-admin/sudo/sudo-1.8.11_p2.ebuild b/app-admin/sudo/sudo-1.8.11_p2.ebuild deleted file mode 100644 index 7c03dff724d8..000000000000 --- a/app-admin/sudo/sudo-1.8.11_p2.ebuild +++ /dev/null @@ -1,196 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/sudo-1.8.11_p2.ebuild,v 1.1 2014/10/30 16:22:39 flameeyes Exp $ - -EAPI=5 - -inherit eutils pam multilib libtool - -MY_P=${P/_/} -MY_P=${MY_P/beta/b} - -uri_prefix= -case ${P} in -*_beta*|*_rc*) uri_prefix=beta/ ;; -esac - -DESCRIPTION="Allows users or groups to run commands as other users" -HOMEPAGE="http://www.sudo.ws/" -SRC_URI="http://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz - ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz" - -# Basic license is ISC-style as-is, some files are released under -# 3-clause BSD license -LICENSE="ISC BSD" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~sparc-solaris" -IUSE="ldap nls pam offensive selinux skey +sendmail" - -DEPEND="pam? ( virtual/pam ) - skey? ( >=sys-auth/skey-1.1.5-r1 ) - ldap? ( - >=net-nds/openldap-2.1.30-r1 - dev-libs/cyrus-sasl - ) - sys-libs/zlib" -RDEPEND="${DEPEND} - selinux? ( sec-policy/selinux-sudo ) - ldap? ( dev-lang/perl ) - pam? ( sys-auth/pambase ) - >=app-misc/editor-wrapper-3 - virtual/editor - sendmail? ( virtual/mta )" -DEPEND="${DEPEND} - sys-devel/bison" - -S=${WORKDIR}/${MY_P} - -REQUIRED_USE="pam? ( !skey ) skey? ( !pam )" - -MAKEOPTS+=" SAMPLES=" - -src_prepare() { - elibtoolize -} - -set_rootpath() { - # FIXME: secure_path is a compile time setting. using ROOTPATH - # is not perfect, env-update may invalidate this, but until it - # is available as a sudoers setting this will have to do. - einfo "Setting secure_path ..." - - # first extract the default ROOTPATH from build env - ROOTPATH=$(unset ROOTPATH; . "${EPREFIX}"/etc/profile.env; echo "${ROOTPATH}") - if [[ -z ${ROOTPATH} ]] ; then - ewarn " Failed to find ROOTPATH, please report this" - fi - - # then remove duplicate path entries - cleanpath() { - local newpath thisp IFS=: - for thisp in $1 ; do - if [[ :${newpath}: != *:${thisp}:* ]] ; then - newpath+=:$thisp - else - einfo " Duplicate entry ${thisp} removed..." - fi - done - ROOTPATH=${newpath#:} - } - cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}} - - # finally, strip gcc paths #136027 - rmpath() { - local e newpath thisp IFS=: - for thisp in ${ROOTPATH} ; do - for e ; do [[ $thisp == $e ]] && continue 2 ; done - newpath+=:$thisp - done - ROOTPATH=${newpath#:} - } - rmpath '*/gcc-bin/*' '*/gnat-gcc-bin/*' '*/gnat-gcc/*' - - einfo "... done" -} - -src_configure() { - local ROOTPATH - set_rootpath - - # audit: somebody got to explain me how I can test this before I - # enable it.. - Diego - # plugindir: autoconf code is crappy and does not delay evaluation - # until `make` time, so we have to use a full path here rather than - # basing off other values. - econf \ - --enable-zlib=system \ - --with-secure-path="${ROOTPATH}" \ - --with-editor="${EPREFIX}"/usr/libexec/editor \ - --with-env-editor \ - $(use_with offensive insults) \ - $(use_with offensive all-insults) \ - $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) \ - $(use_with ldap) \ - $(use_enable nls) \ - $(use_with pam) \ - $(use_with skey) \ - $(use_with selinux) \ - $(use_with sendmail) \ - --without-opie \ - --without-linux-audit \ - --with-rundir="${EPREFIX}"/var/run/sudo \ - --with-vardir="${EPREFIX}"/var/db/sudo \ - --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sudo \ - --docdir="${EPREFIX}"/usr/share/doc/${PF} -} - -src_install() { - default - - if use ldap ; then - dodoc README.LDAP doc/schema.OpenLDAP - dosbin plugins/sudoers/sudoers2ldif - - cat <<-EOF > "${T}"/ldap.conf.sudo - # See ldap.conf(5) and README.LDAP for details - # This file should only be readable by root - - # supported directives: host, port, ssl, ldap_version - # uri, binddn, bindpw, sudoers_base, sudoers_debug - # tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key - EOF - - insinto /etc - doins "${T}"/ldap.conf.sudo - fperms 0440 /etc/ldap.conf.sudo - fi - - pamd_mimic system-auth sudo auth account session - - keepdir /var/db/sudo - fperms 0700 /var/db/sudo - - # Don't install into /var/run as that is a tmpfs most of the time - # (bug #504854) - rm -rf "${D}"/var/run -} - -pkg_postinst() { - if use ldap ; then - ewarn - ewarn "sudo uses the /etc/ldap.conf.sudo file for ldap configuration." - ewarn - if grep -qs '^[[:space:]]*sudoers:' "${ROOT}"/etc/nsswitch.conf ; then - ewarn "In 1.7 series, LDAP is no more consulted, unless explicitly" - ewarn "configured in /etc/nsswitch.conf." - ewarn - ewarn "To make use of LDAP, add this line to your /etc/nsswitch.conf:" - ewarn " sudoers: ldap files" - ewarn - fi - fi - if use prefix ; then - ewarn - ewarn "To use sudo, you need to change file ownership and permissions" - ewarn "with root privileges, as follows:" - ewarn - ewarn " # chown root:root ${EPREFIX}/usr/bin/sudo" - ewarn " # chown root:root ${EPREFIX}/usr/lib/sudo/sudoers.so" - ewarn " # chown root:root ${EPREFIX}/etc/sudoers" - ewarn " # chown root:root ${EPREFIX}/etc/sudoers.d" - ewarn " # chown root:root ${EPREFIX}/var/db/sudo" - ewarn " # chmod 4111 ${EPREFIX}/usr/bin/sudo" - ewarn - fi - - elog "To use the -A (askpass) option, you need to install a compatible" - elog "password program from the following list. Starred packages will" - elog "automatically register for the use with sudo (but will not force" - elog "the -A option):" - elog "" - elog " [*] net-misc/ssh-askpass-fullscreen" - elog " net-misc/x11-ssh-askpass" - elog "" - elog "You can override the choice by setting the SUDO_ASKPASS environmnent" - elog "variable to the program you want to use." -} -- cgit v1.2.3-65-gdbad