Update to sudo 1.9.1.

This adds a new sub-package for the optional Python plugin support,
which can be disabled via the no_python pseudo-flavor.
Thanks to sthen@ and ajacoutot@ for their help.
This commit is contained in:
millert 2020-06-21 12:03:33 +00:00
parent 08ed0b9a37
commit 3052f16def
9 changed files with 84 additions and 40 deletions

View File

@ -1,18 +1,20 @@
# $OpenBSD: Makefile,v 1.38 2020/01/30 18:47:11 millert Exp $
# $OpenBSD: Makefile,v 1.39 2020/06/21 12:03:33 millert Exp $
COMMENT= execute a command as another user
COMMENT-main= execute a command as another user
COMMENT-python= sudo Python plugin
DISTNAME= sudo-1.8.31
V= 1.9.1
DISTNAME= sudo-${V}
CATEGORIES= security
PKGNAME-main= sudo-${V}
PKGNAME-python= sudo-python-${V}
MAINTAINER= Todd C. Miller <millert@openbsd.org>
# ISC-style license
PERMIT_PACKAGE= Yes
WANTLIB+= c util z
HOMEPAGE= https://www.sudo.ws/
MASTER_SITES= https://www.sudo.ws/dist/ \
@ -27,24 +29,51 @@ CONFIGURE_ARGS+= --with-insults \
--with-logfac=authpriv \
--with-libtool=system \
--disable-path-info \
--enable-openssl \
--enable-zlib=system
SHARED_LIBS= sudo_util 0.0
PSEUDO_FLAVORS= no_python
FLAVORS= gettext ldap
FLAVOR?=
MULTI_PACKAGES= -main -python
MODPY_VERSION= ${MODPY_DEFAULT_VERSION_3}
MODPY_RUNDEP= No
# All sub-packages depend on these libraries
WANTLIB= util crypto
# The gettext flavor influences LIB_DEPENDS and WANTLIB for all sub-packages
.if ${FLAVOR:Mgettext}
CONFIGURE_ARGS += --enable-nls=${LOCALBASE}
LIB_DEPENDS+= devel/gettext,-runtime
WANTLIB+= iconv intl
.else
CONFIGURE_ARGS+= --disable-nls
.endif
# It is now safe to set sub-package WANTLIB and LIB_DEPENDS
WANTLIB-main= ${WANTLIB} c z ssl
WANTLIB-python= ${WANTLIB} libexec/sudo/sudo_util \
${MODPY_WANTLIB} iconv intl m pthread
LIB_DEPENDS-main= ${LIB_DEPENDS}
LIB_DEPENDS-python= ${LIB_DEPENDS} security/sudo,-main ${MODPY_LIB_DEPENDS}
.if ${FLAVOR:Mldap}
CONFIGURE_ARGS+= --with-ldap=${LOCALBASE}
LIB_DEPENDS+= databases/openldap
WANTLIB+= crypto lber-2.4 ldap-2.4 sasl2 ssl
LIB_DEPENDS-main+= databases/openldap
WANTLIB-main+= lber ldap sasl2
.endif
.if ${FLAVOR:Mgettext}
CONFIGURE_ARGS += --enable-nls=${LOCALBASE}
LIB_DEPENDS+= devel/gettext,-runtime
WANTLIB+= iconv intl
.include <bsd.port.arch.mk>
.if !${BUILD_PACKAGES:M-python}
CONFIGURE_ARGS+= --disable-python
.else
CONFIGURE_ARGS += --disable-nls
CONFIGURE_ARGS+= --enable-python
MODULES= lang/python
.endif
# Don't set owner on install in fake mode

View File

@ -1,2 +1,2 @@
SHA256 (sudo-1.8.31.tar.gz) = fqjZejzuTIROCIfqehvYDrVMyY/XeWZ3bLGoBlOtRU8=
SIZE (sudo-1.8.31.tar.gz) = 3350674
SHA256 (sudo-1.9.1.tar.gz) = KUEWzv4QoCdzkX/HRA2DhLkllVvJam4Oqhl3yDs0rf8=
SIZE (sudo-1.9.1.tar.gz) = 3834744

View File

@ -2,5 +2,3 @@ Sudo (su "do") allows a system administrator to delegate authority
to give certain users (or groups of users) the ability to run some
(or all) commands as root or another user while providing an audit
trail of the commands and their arguments.
Sudo is free software, distributed under an ISC-style license.

View File

@ -0,0 +1,3 @@
The sudo Python plugin can be used to write sudo 1.9 plugins in
Python instead of C. The API closely follows the C sudo plugin API
described by sudo_plugin(5).

View File

@ -1,20 +0,0 @@
Please see the ${PREFIX}/share/doc/sudo/UPGRADE file for important
information about upgrading from a previous version of sudo.
Important user-visible changes compared to the version of sudo that
used to be in OpenBSD base (1.7.2p8) include:
o The tty_tickets sudoers option is now enabled by default.
To restore the old behavior (single time stamp per user),
add a line like:
Defaults !tty_tickets
to sudoers.
o The HOME and MAIL environment variables are now reset based on the
target user's password database entry when the env_reset sudoers option
is enabled (which is the case in the default configuration). Users
wishing to preserve the original values should use a sudoers line like:
Defaults env_keep += HOME
to preserve the old value of HOME and
Defaults env_keep += MAIL
to preserve the old value of MAIL.

View File

@ -1,4 +1,4 @@
@comment $OpenBSD: PFRAG.gettext,v 1.1 2015/07/10 15:16:03 espie Exp $
@comment $OpenBSD: PFRAG.gettext-main,v 1.1 2020/06/21 12:03:34 millert Exp $
share/locale/ca/LC_MESSAGES/sudo.mo
share/locale/ca/LC_MESSAGES/sudoers.mo
share/locale/cs/LC_MESSAGES/sudo.mo

View File

@ -1,4 +1,5 @@
@comment $OpenBSD: PLIST,v 1.7 2019/12/31 21:54:25 millert Exp $
@comment $OpenBSD: PLIST-main,v 1.1 2020/06/21 12:03:34 millert Exp $
@rcscript ${RCDIR}/sudo_logsrvd
@bin bin/cvtsudoers
@mode 04555
@bin bin/sudo
@ -7,10 +8,14 @@ bin/sudoedit
@bin bin/sudoreplay
include/sudo_plugin.h
libexec/sudo/
libexec/sudo/audit_json.la
@so libexec/sudo/audit_json.so
libexec/sudo/group_file.la
@so libexec/sudo/group_file.so
libexec/sudo/libsudo_util.la
@lib libexec/sudo/libsudo_util.so.${LIBsudo_util_VERSION}
libexec/sudo/sample_approval.la
@so libexec/sudo/sample_approval.so
libexec/sudo/sudo_noexec.la
@so libexec/sudo/sudo_noexec.so
libexec/sudo/sudoers.la
@ -19,13 +24,19 @@ libexec/sudo/system_group.la
@so libexec/sudo/system_group.so
@man man/man1/cvtsudoers.1
@man man/man5/sudo.conf.5
@man man/man5/sudo_logsrv.proto.5
@man man/man5/sudo_logsrvd.conf.5
@man man/man5/sudoers.5
@man man/man5/sudoers_timestamp.5
@man man/man8/sudo.8
@man man/man8/sudo_logsrvd.8
@man man/man8/sudo_plugin.8
@man man/man8/sudo_sendlog.8
@man man/man8/sudoedit.8
@man man/man8/sudoreplay.8
@man man/man8/visudo.8
@bin sbin/sudo_logsrvd
@bin sbin/sudo_sendlog
@bin sbin/visudo
share/doc/sudo/
share/doc/sudo/CONTRIBUTORS
@ -38,10 +49,13 @@ share/doc/sudo/TROUBLESHOOTING
share/doc/sudo/UPGRADE
share/examples/sudo/
share/examples/sudo/sudo.conf
share/examples/sudo/sudo_logsrvd.conf
share/examples/sudo/sudoers
share/examples/sudo/sudoers.OpenBSD
share/examples/sudo/syslog.conf
@mode 0440
@sample ${SYSCONFDIR}/sudoers
@mode
share/examples/sudo/syslog.conf
@sample ${SYSCONFDIR}/sudo.conf
@sample ${SYSCONFDIR}/sudo_logsrvd.conf
%%gettext%%

View File

@ -0,0 +1,11 @@
@comment $OpenBSD: PLIST-python,v 1.1 2020/06/21 12:03:34 millert Exp $
libexec/sudo/python_plugin.la
@so libexec/sudo/python_plugin.so
@man man/man8/sudo_plugin_python.8
share/examples/sudo/example_approval_plugin.py
share/examples/sudo/example_audit_plugin.py
share/examples/sudo/example_conversation.py
share/examples/sudo/example_debugging.py
share/examples/sudo/example_group_plugin.py
share/examples/sudo/example_io_plugin.py
share/examples/sudo/example_policy_plugin.py

View File

@ -0,0 +1,9 @@
#!/bin/ksh
#
# $OpenBSD: sudo_logsrvd.rc,v 1.1 2020/06/21 12:03:34 millert Exp $
daemon="${TRUEPREFIX}/sbin/sudo_logsrvd"
. /etc/rc.d/rc.subr
rc_cmd $1