diff options
| author |   Diego Elio Pettenò <flameeyes@gentoo.org> | 2011-08-18 15:58:35 +0000 |
|---|---|---|
| committer | Diego Elio Pettenò <flameeyes@gentoo.org> | 2011-08-18 15:58:35 +0000 |
| commit | d573beec0ef3589208aa8116969ece4136817706 (patch) | |
| tree | 66063d604b40c00924ef67461831d46c46dcba0f /app-admin | |
| parent | Fix Manifest (diff) | |
| download | gentoo-2-d573beec0ef3589208aa8116969ece4136817706.tar.gz gentoo-2-d573beec0ef3589208aa8116969ece4136817706.tar.bz2 gentoo-2-d573beec0ef3589208aa8116969ece4136817706.zip | |
Version bump, and remove old.
(Portage version: 2.2.0_alpha51/cvs/Linux x86_64)
Diffstat (limited to 'app-admin')
| -rw-r--r-- | app-admin/sudo/ChangeLog | 8 | ||||
| -rw-r--r-- | app-admin/sudo/sudo-1.8.2.ebuild (renamed from app-admin/sudo/sudo-1.7.4_p4.ebuild) | 103 |
2 files changed, 29 insertions, 82 deletions
diff --git a/app-admin/sudo/ChangeLog b/app-admin/sudo/ChangeLog index ec183bb7c642..971f61004dc7 100644 --- a/app-admin/sudo/ChangeLog +++ b/app-admin/sudo/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for app-admin/sudo # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/ChangeLog,v 1.271 2011/08/11 10:58:35 ulm Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/ChangeLog,v 1.272 2011/08/18 15:58:35 flameeyes Exp $ + +*sudo-1.8.2 (18 Aug 2011) + + 18 Aug 2011; Diego E. Pettenò <flameeyes@gentoo.org> -sudo-1.7.4_p4.ebuild, + +sudo-1.8.2.ebuild: + Version bump, and remove old. 11 Aug 2011; Ulrich Mueller <ulm@gentoo.org> sudo-1.7.4_p4.ebuild, sudo-1.7.4_p5.ebuild, sudo-1.8.1_p2.ebuild: diff --git a/app-admin/sudo/sudo-1.7.4_p4.ebuild b/app-admin/sudo/sudo-1.8.2.ebuild index 2f2c3deeb1fe..0e443277a847 100644 --- a/app-admin/sudo/sudo-1.7.4_p4.ebuild +++ b/app-admin/sudo/sudo-1.8.2.ebuild @@ -1,8 +1,10 @@ # Copyright 1999-2011 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/sudo-1.7.4_p4.ebuild,v 1.7 2011/08/11 10:58:35 ulm Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/sudo-1.8.2.ebuild,v 1.1 2011/08/18 15:58:35 flameeyes Exp $ -inherit eutils pam +EAPI=4 + +inherit eutils pam multilib libtool MY_P=${P/_/} MY_P=${MY_P/beta/b} @@ -26,16 +28,15 @@ SRC_URI="http://www.sudo.ws/sudo/dist/${uri_prefix}${MY_P}.tar.gz LICENSE="as-is BSD" SLOT="0" -KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ~ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd" -IUSE="pam skey offensive ldap selinux" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd" +IUSE="pam offensive ldap selinux skey" DEPEND="pam? ( virtual/pam ) ldap? ( >=net-nds/openldap-2.1.30-r1 dev-libs/cyrus-sasl ) - !pam? ( skey? ( >=sys-auth/skey-1.1.5-r1 ) ) - app-misc/editor-wrapper + >=app-misc/editor-wrapper-3 virtual/editor virtual/mta" RDEPEND="selinux? ( sec-policy/selinux-sudo ) @@ -47,66 +48,15 @@ DEPEND="${DEPEND} S=${WORKDIR}/${MY_P} -pkg_setup() { - if use pam && use skey; then - ewarn "You cannot enable both S/KEY and PAM at the same time, PAM will" - ewarn "be used then." - fi -} - -src_unpack() { - unpack ${A}; cd "${S}" - - # compatability fix. - epatch "${FILESDIR}"/${PN}-skeychallengeargs.diff - - # additional variables to disallow, should user disable env_reset. - - # NOTE: this is not a supported mode of operation, these variables - # are added to the blacklist as a convenience to administrators - # who fail to heed the warnings of allowing untrusted users - # to access sudo. - # - # there is *no possible way* to foresee all attack vectors in - # all possible applications that could potentially be used via - # sudo, these settings will just delay the inevitable. - # - # that said, I will accept suggestions for variables that can - # be misused in _common_ interpreters or libraries, such as - # perl, bash, python, ruby, etc., in the hope of dissuading - # a casual attacker. - - # XXX: perl should be using suid_perl. - # XXX: users can remove/add more via env_delete and env_check. - # XXX: <?> = probably safe enough for most circumstances. - - einfo "Blacklisting common variables (env_delete)..." - sudo_bad_var() { - local target='env.c' marker='\*initial_badenv_table\[\]' - - ebegin " $1" - sed -i 's#\(^.*'${marker}'.*$\)#\1\n\t"'${1}'",#' "${S}"/${target} - eend $? - } +REQUIRED_USE="pam? ( !skey ) skey? ( !pam )" - sudo_bad_var 'PERLIO_DEBUG' # perl, write debug to file. - sudo_bad_var 'FPATH' # ksh, search path for functions. - sudo_bad_var 'NULLCMD' # zsh, command on null-redir. <?> - sudo_bad_var 'READNULLCMD' # zsh, command on null-redir. <?> - sudo_bad_var 'GLOBIGNORE' # bash, glob paterns to ignore. <?> - sudo_bad_var 'PYTHONHOME' # python, module search path. - sudo_bad_var 'PYTHONPATH' # python, search path. - sudo_bad_var 'PYTHONINSPECT' # python, allow inspection. - sudo_bad_var 'RUBYLIB' # ruby, lib load path. - sudo_bad_var 'RUBYOPT' # ruby, cl options. - sudo_bad_var 'ZDOTDIR' # zsh, path to search for dotfiles. - einfo "...done." +MAKEOPTS="${MAKEOPTS} SAMPLES=" - # prevent binaries from being stripped. - sed -i 's/\($(INSTALL).*\) -s \(.*[(sudo|visudo)]\)/\1 \2/g' Makefile.in +src_prepare() { + elibtoolize } -src_compile() { +src_configure() { local line ROOTPATH # FIXME: secure_path is a compile time setting. using ROOTPATH @@ -154,40 +104,35 @@ src_compile() { } rmpath ROOTPATH '*/gcc-bin/*' + rmpath ROOTPATH '*/gnat-gcc-bin/*' + rmpath ROOTPATH '*/gnat-gcc/*' einfo "...done." - if use pam; then - myconf="--with-pam --without-skey" - elif use skey; then - myconf="--without-pam --with-skey" - else - myconf="--without-pam --without-skey" - fi - # audit: somebody got to explain me how I can test this before I # enable it.. — Diego econf --with-secure-path="${ROOTPATH}" \ - --with-editor=/usr/libexec/gentoo-editor \ + --with-editor=/usr/libexec/editor \ --with-env-editor \ $(use_with offensive insults) \ $(use_with offensive all-insults) \ $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) \ $(use_with ldap) \ + $(use_with pam) \ + $(use_with skey) \ + --without-opie \ --without-linux-audit \ --with-timedir=/var/db/sudo \ - --docdir=/usr/share/doc/${PF} \ - ${myconf} - - emake || die + --with-plugindir=/usr/$(get_libdir)/sudo \ + --docdir=/usr/share/doc/${PF} } src_install() { emake DESTDIR="${D}" install || die if use ldap; then - dodoc README.LDAP schema.OpenLDAP - dosbin sudoers2ldif + dodoc README.LDAP doc/schema.OpenLDAP + dosbin plugins/sudoers/sudoers2ldif cat - > "${T}"/ldap.conf.sudo <<EOF # See ldap.conf(5) and README.LDAP for details\n" @@ -204,10 +149,6 @@ EOF pamd_mimic system-auth sudo auth account session - insinto /etc - doins "${S}"/sudoers - fperms 0440 /etc/sudoers - keepdir /var/db/sudo fperms 0700 /var/db/sudo } |