Update to sudo 1.9.1.

This adds a new sub-package for the optional Python plugin support, which can be disabled via the no_python pseudo-flavor. Thanks to sthen@ and ajacoutot@ for their help.
2020-06-21 12:03:33 +00:00 · 2020-06-21 12:03:33 +00:00 · 3052f16def
commit 3052f16def
parent 08ed0b9a37
9 changed files with 84 additions and 40 deletions
--- a/security/sudo/Makefile
+++ b/security/sudo/Makefile
@ -1,18 +1,20 @@
-# $OpenBSD: Makefile,v 1.38 2020/01/30 18:47:11 millert Exp $
+# $OpenBSD: Makefile,v 1.39 2020/06/21 12:03:33 millert Exp $

-COMMENT=	execute a command as another user
+COMMENT-main=	execute a command as another user
+COMMENT-python=	sudo Python plugin

-DISTNAME=	sudo-1.8.31
+V=		1.9.1
+DISTNAME=	sudo-${V}
 CATEGORIES=	security

+PKGNAME-main=	sudo-${V}
+PKGNAME-python=	sudo-python-${V}
+
 MAINTAINER=	Todd C. Miller <millert@openbsd.org>

 # ISC-style license
 PERMIT_PACKAGE=	Yes

-WANTLIB+=	c util z
-
-
 HOMEPAGE=	https://www.sudo.ws/

 MASTER_SITES=	https://www.sudo.ws/dist/ \
@ -27,24 +29,51 @@ CONFIGURE_ARGS+=	--with-insults \
 			--with-logfac=authpriv \
 			--with-libtool=system \
 			--disable-path-info \
+			--enable-openssl \
 			--enable-zlib=system

 SHARED_LIBS=	sudo_util	0.0

+PSEUDO_FLAVORS=	no_python
 FLAVORS=	gettext ldap
 FLAVOR?=

+MULTI_PACKAGES=		-main -python
+MODPY_VERSION=		${MODPY_DEFAULT_VERSION_3}
+MODPY_RUNDEP=		No
+
+# All sub-packages depend on these libraries
+WANTLIB=		util crypto
+
+# The gettext flavor influences LIB_DEPENDS and WANTLIB for all sub-packages
+.if ${FLAVOR:Mgettext}
+CONFIGURE_ARGS +=	--enable-nls=${LOCALBASE}
+LIB_DEPENDS+=		devel/gettext,-runtime
+WANTLIB+=		iconv intl
+.else
+CONFIGURE_ARGS+=	--disable-nls
+.endif
+
+# It is now safe to set sub-package WANTLIB and LIB_DEPENDS
+WANTLIB-main=		${WANTLIB} c z ssl
+WANTLIB-python=		${WANTLIB} libexec/sudo/sudo_util \
+			${MODPY_WANTLIB} iconv intl m pthread
+
+LIB_DEPENDS-main=	${LIB_DEPENDS}
+LIB_DEPENDS-python=	${LIB_DEPENDS} security/sudo,-main ${MODPY_LIB_DEPENDS}
+
 .if ${FLAVOR:Mldap}
 CONFIGURE_ARGS+=	--with-ldap=${LOCALBASE}
-LIB_DEPENDS+=		databases/openldap
-WANTLIB+=		crypto lber-2.4 ldap-2.4 sasl2 ssl
+LIB_DEPENDS-main+=	databases/openldap
+WANTLIB-main+=		lber ldap sasl2
 .endif
-.if ${FLAVOR:Mgettext}
-CONFIGURE_ARGS += --enable-nls=${LOCALBASE}
-LIB_DEPENDS+=	devel/gettext,-runtime
-WANTLIB+=	iconv intl
+
+.include <bsd.port.arch.mk>
+.if !${BUILD_PACKAGES:M-python}
+CONFIGURE_ARGS+=	--disable-python
 .else
-CONFIGURE_ARGS += --disable-nls
+CONFIGURE_ARGS+=	--enable-python
+MODULES=		lang/python
 .endif

 # Don't set owner on install in fake mode
--- a/security/sudo/distinfo
+++ b/security/sudo/distinfo
@ -1,2 +1,2 @@
-SHA256 (sudo-1.8.31.tar.gz) = fqjZejzuTIROCIfqehvYDrVMyY/XeWZ3bLGoBlOtRU8=
-SIZE (sudo-1.8.31.tar.gz) = 3350674
+SHA256 (sudo-1.9.1.tar.gz) = KUEWzv4QoCdzkX/HRA2DhLkllVvJam4Oqhl3yDs0rf8=
+SIZE (sudo-1.9.1.tar.gz) = 3834744
--- a/security/sudo/pkg/DESCR-main
+++ b/security/sudo/pkg/DESCR-main
@ -2,5 +2,3 @@ Sudo (su "do") allows a system administrator to delegate authority
 to give certain users (or groups of users) the ability to run some
 (or all) commands as root or another user while providing an audit
 trail of the commands and their arguments.
-
-Sudo is free software, distributed under an ISC-style license.
--- a/security/sudo/pkg/DESCR-python
+++ b/security/sudo/pkg/DESCR-python
@ -0,0 +1,3 @@
+The sudo Python plugin can be used to write sudo 1.9 plugins in
+Python instead of C.  The API closely follows the C sudo plugin API
+described by sudo_plugin(5).
--- a/security/sudo/pkg/MESSAGE
+++ b/security/sudo/pkg/MESSAGE
@ -1,20 +0,0 @@
-Please see the ${PREFIX}/share/doc/sudo/UPGRADE file for important
-information about upgrading from a previous version of sudo.
-
-Important user-visible changes compared to the version of sudo that
-used to be in OpenBSD base (1.7.2p8) include:
-
- o The tty_tickets sudoers option is now enabled by default.
-   To restore the old behavior (single time stamp per user),
-   add a line like:
-	Defaults !tty_tickets
-   to sudoers.
-
- o  The HOME and MAIL environment variables are now reset based on the
-    target user's password database entry when the env_reset sudoers option
-    is enabled (which is the case in the default configuration).  Users
-    wishing to preserve the original values should use a sudoers line like:
-	Defaults env_keep += HOME
-    to preserve the old value of HOME and
-	Defaults env_keep += MAIL
-    to preserve the old value of MAIL.
--- a/security/sudo/pkg/PFRAG.gettext-main
+++ b/security/sudo/pkg/PFRAG.gettext-main
@ -1,4 +1,4 @@
-@comment $OpenBSD: PFRAG.gettext,v 1.1 2015/07/10 15:16:03 espie Exp $
+@comment $OpenBSD: PFRAG.gettext-main,v 1.1 2020/06/21 12:03:34 millert Exp $
 share/locale/ca/LC_MESSAGES/sudo.mo
 share/locale/ca/LC_MESSAGES/sudoers.mo
 share/locale/cs/LC_MESSAGES/sudo.mo
--- a/security/sudo/pkg/PLIST-main
+++ b/security/sudo/pkg/PLIST-main
@ -1,4 +1,5 @@
-@comment $OpenBSD: PLIST,v 1.7 2019/12/31 21:54:25 millert Exp $
+@comment $OpenBSD: PLIST-main,v 1.1 2020/06/21 12:03:34 millert Exp $
+@rcscript ${RCDIR}/sudo_logsrvd
@bin bin/cvtsudoers
@mode 04555
@bin bin/sudo
@ -7,10 +8,14 @@ bin/sudoedit
@bin bin/sudoreplay
 include/sudo_plugin.h
 libexec/sudo/
+libexec/sudo/audit_json.la
+@so libexec/sudo/audit_json.so
 libexec/sudo/group_file.la
@so libexec/sudo/group_file.so
 libexec/sudo/libsudo_util.la
@lib libexec/sudo/libsudo_util.so.${LIBsudo_util_VERSION}
+libexec/sudo/sample_approval.la
+@so libexec/sudo/sample_approval.so
 libexec/sudo/sudo_noexec.la
@so libexec/sudo/sudo_noexec.so
 libexec/sudo/sudoers.la
@ -19,13 +24,19 @@ libexec/sudo/system_group.la
@so libexec/sudo/system_group.so
@man man/man1/cvtsudoers.1
@man man/man5/sudo.conf.5
+@man man/man5/sudo_logsrv.proto.5
+@man man/man5/sudo_logsrvd.conf.5
@man man/man5/sudoers.5
@man man/man5/sudoers_timestamp.5
@man man/man8/sudo.8
+@man man/man8/sudo_logsrvd.8
@man man/man8/sudo_plugin.8
+@man man/man8/sudo_sendlog.8
@man man/man8/sudoedit.8
@man man/man8/sudoreplay.8
@man man/man8/visudo.8
+@bin sbin/sudo_logsrvd
+@bin sbin/sudo_sendlog
@bin sbin/visudo
 share/doc/sudo/
 share/doc/sudo/CONTRIBUTORS
@ -38,10 +49,13 @@ share/doc/sudo/TROUBLESHOOTING
 share/doc/sudo/UPGRADE
 share/examples/sudo/
 share/examples/sudo/sudo.conf
+share/examples/sudo/sudo_logsrvd.conf
 share/examples/sudo/sudoers
 share/examples/sudo/sudoers.OpenBSD
+share/examples/sudo/syslog.conf
@mode 0440
@sample ${SYSCONFDIR}/sudoers
@mode
-share/examples/sudo/syslog.conf
+@sample ${SYSCONFDIR}/sudo.conf
+@sample ${SYSCONFDIR}/sudo_logsrvd.conf
 %%gettext%%
--- a/security/sudo/pkg/PLIST-python
+++ b/security/sudo/pkg/PLIST-python
@ -0,0 +1,11 @@
+@comment $OpenBSD: PLIST-python,v 1.1 2020/06/21 12:03:34 millert Exp $
+libexec/sudo/python_plugin.la
+@so libexec/sudo/python_plugin.so
+@man man/man8/sudo_plugin_python.8
+share/examples/sudo/example_approval_plugin.py
+share/examples/sudo/example_audit_plugin.py
+share/examples/sudo/example_conversation.py
+share/examples/sudo/example_debugging.py
+share/examples/sudo/example_group_plugin.py
+share/examples/sudo/example_io_plugin.py
+share/examples/sudo/example_policy_plugin.py
--- a/security/sudo/pkg/sudo_logsrvd.rc
+++ b/security/sudo/pkg/sudo_logsrvd.rc
@ -0,0 +1,9 @@
+#!/bin/ksh
+#
+# $OpenBSD: sudo_logsrvd.rc,v 1.1 2020/06/21 12:03:34 millert Exp $
+
+daemon="${TRUEPREFIX}/sbin/sudo_logsrvd"
+
+. /etc/rc.d/rc.subr
+
+rc_cmd $1