Initial commit
This commit is contained in:
+25
@@ -0,0 +1,25 @@
|
||||
From f993c5c88faacc43971899aae2168ffb3e34dc80 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Kanavin <alex@linutronix.de>
|
||||
Date: Fri, 24 Sep 2021 13:36:24 +0200
|
||||
Subject: [PATCH] lib/util/mksigname.c: correctly include header for out of
|
||||
tree builds
|
||||
|
||||
Upstream-Status: Submitted [https://github.com/sudo-project/sudo/pull/123]
|
||||
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
|
||||
---
|
||||
lib/util/mksigname.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/util/mksigname.c b/lib/util/mksigname.c
|
||||
index de8b1ad..0a69e7e 100644
|
||||
--- a/lib/util/mksigname.c
|
||||
+++ b/lib/util/mksigname.c
|
||||
@@ -36,7 +36,7 @@ main(int argc, char *argv[])
|
||||
{
|
||||
unsigned int i;
|
||||
|
||||
-#include "mksigname.h"
|
||||
+#include "lib/util/mksigname.h"
|
||||
|
||||
printf("const char *const sudo_sys_signame[] = {\n");
|
||||
for (i = 0; i < nitems(sudo_sys_signame); i++) {
|
||||
+62
@@ -0,0 +1,62 @@
|
||||
From 6e835350b7413210c410d3578cfab804186b7a4f Mon Sep 17 00:00:00 2001
|
||||
From: Kai Kang <kai.kang@windriver.com>
|
||||
Date: Tue, 17 Nov 2020 11:13:40 +0800
|
||||
Subject: [PATCH] sudo.conf.in: fix conflict with multilib
|
||||
|
||||
When pass ${libdir} to --libexecdir of sudo, it fails to install sudo
|
||||
and lib32-sudo at same time:
|
||||
|
||||
| Error: Transaction test error:
|
||||
| file /etc/sudo.conf conflicts between attempted installs of
|
||||
sudo-1.9.3p1-r0.core2_64 and lib32-sudo-1.9.3p1-r0.core2_32
|
||||
|
||||
Update the comments in sudo.conf.in to avoid the conflict.
|
||||
|
||||
Signed-off-by: Kai Kang <kai.kang@windriver.com>
|
||||
|
||||
Upstream-Status: Inappropriate [OE configuration specific]
|
||||
|
||||
---
|
||||
examples/sudo.conf.in | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/examples/sudo.conf.in b/examples/sudo.conf.in
|
||||
index 2187457..0908d24 100644
|
||||
--- a/examples/sudo.conf.in
|
||||
+++ b/examples/sudo.conf.in
|
||||
@@ -4,7 +4,7 @@
|
||||
# Sudo plugins:
|
||||
# Plugin plugin_name plugin_path plugin_options ...
|
||||
#
|
||||
-# The plugin_path is relative to @plugindir@ unless
|
||||
+# The plugin_path is relative to $plugindir such as /usr/lib/sudo unless
|
||||
# fully qualified.
|
||||
# The plugin_name corresponds to a global symbol in the plugin
|
||||
# that contains the plugin interface structure.
|
||||
@@ -51,7 +51,7 @@
|
||||
# The compiled-in value is usually sufficient and should only be changed
|
||||
# if you rename or move the sudo_intercept.so file.
|
||||
#
|
||||
-#Path intercept @intercept_file@
|
||||
+#Path intercept $intercept_file
|
||||
|
||||
#
|
||||
# Sudo noexec:
|
||||
@@ -65,7 +65,7 @@
|
||||
# The compiled-in value is usually sufficient and should only be changed
|
||||
# if you rename or move the sudo_noexec.so file.
|
||||
#
|
||||
-#Path noexec @noexec_file@
|
||||
+#Path noexec $noexec_file
|
||||
|
||||
#
|
||||
# Sudo plugin directory:
|
||||
@@ -74,7 +74,7 @@
|
||||
# The default directory to use when searching for plugins that are
|
||||
# specified without a fully qualified path name.
|
||||
#
|
||||
-#Path plugin_dir @plugindir@
|
||||
+#Path plugin_dir $plugindir
|
||||
|
||||
#
|
||||
# Core dumps:
|
||||
@@ -0,0 +1,6 @@
|
||||
#%PAM-1.0
|
||||
auth include common-auth
|
||||
account include common-account
|
||||
password include common-password
|
||||
session optional pam_keyinit.so revoke
|
||||
session required pam_limits.so
|
||||
@@ -0,0 +1,51 @@
|
||||
SUMMARY = "Provide limited super user privileges to specific users"
|
||||
DESCRIPTION = "Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments."
|
||||
HOMEPAGE = "http://www.sudo.ws"
|
||||
BUGTRACKER = "http://www.sudo.ws/bugs/"
|
||||
SECTION = "admin"
|
||||
LICENSE = "ISC & BSD-3-Clause & BSD-2-Clause & Zlib"
|
||||
LIC_FILES_CHKSUM = "file://LICENSE.md;md5=5100e20d35f9015f9eef6bdb27ba194f \
|
||||
file://plugins/sudoers/redblack.c;beginline=1;endline=46;md5=03e35317699ba00b496251e0dfe9f109 \
|
||||
file://lib/util/reallocarray.c;beginline=3;endline=15;md5=397dd45c7683e90b9f8bf24638cf03bf \
|
||||
file://lib/util/fnmatch.c;beginline=3;endline=27;md5=004d7d2866ba1f5b41174906849d2e0f \
|
||||
file://lib/util/getcwd.c;beginline=2;endline=27;md5=50f8d9667750e18dea4e84a935c12009 \
|
||||
file://lib/util/glob.c;beginline=2;endline=31;md5=2852f68687544e3eb8a0a61665506f0e \
|
||||
file://lib/util/snprintf.c;beginline=3;endline=33;md5=b70df6179969e38fcf68da91b53b8029 \
|
||||
file://include/sudo_queue.h;beginline=2;endline=27;md5=ad578e9664d17a010b63e4bc0576ee8d \
|
||||
file://lib/util/inet_pton.c;beginline=3;endline=17;md5=27785c9f5835093eda42aa0816a2d0b4 \
|
||||
file://lib/util/arc4random.c;beginline=3;endline=20;md5=ced8636ecefa2ba907cfe390bc3bd964 \
|
||||
file://lib/util/arc4random_uniform.c;beginline=3;endline=17;md5=e30c2b777cdc00cfcaf7c445a10b262f \
|
||||
file://lib/util/getentropy.c;beginline=1;endline=19;md5=a0f58be3d60b6dcd898ec5fe0866d36f \
|
||||
"
|
||||
|
||||
inherit autotools
|
||||
|
||||
PACKAGECONFIG ??= ""
|
||||
PACKAGECONFIG[zlib] = "--enable-zlib,--disable-zlib,zlib"
|
||||
PACKAGECONFIG[pam-wheel] = ",,,pam-plugin-wheel"
|
||||
PACKAGECONFIG[audit] = "--with-linux-audit,--without-linux-audit,audit"
|
||||
PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux"
|
||||
|
||||
EXTRA_OECONF = "--with-editor=${base_bindir}/vi --with-env-editor"
|
||||
|
||||
EXTRA_OECONF:append:libc-musl = " --disable-hardening "
|
||||
|
||||
do_compile:prepend () {
|
||||
# Remove build host references from sudo_usage.h
|
||||
sed -i \
|
||||
-e 's,--with-libtool-sysroot=${STAGING_DIR_TARGET},,g' \
|
||||
-e 's,--build=${BUILD_SYS},,g' \
|
||||
-e 's,--host=${HOST_SYS},,g' \
|
||||
${B}/src/sudo_usage.h
|
||||
}
|
||||
|
||||
# Explicitly create ${localstatedir}/lib before do_install to ensure
|
||||
# the directory is accessible by all users. Otherwise the mkinstalldirs
|
||||
# script (from sudo) will recursively create ${localstatedir}/lib/sudo
|
||||
# and then chmod each directory with 0700 permissions, which isn't what
|
||||
# we want (i.e, users would not be able to access /var/lib).
|
||||
do_install:prepend (){
|
||||
mkdir -p ${D}/${localstatedir}/lib
|
||||
}
|
||||
|
||||
CVE_VERSION_SUFFIX = "patch"
|
||||
@@ -0,0 +1,62 @@
|
||||
require sudo.inc
|
||||
|
||||
SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
|
||||
${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
|
||||
file://0001-sudo.conf.in-fix-conflict-with-multilib.patch \
|
||||
file://0001-lib-util-mksigname.c-correctly-include-header-for-ou.patch \
|
||||
"
|
||||
|
||||
PAM_SRC_URI = "file://sudo.pam"
|
||||
|
||||
SRC_URI[sha256sum] = "92334a12bb93e0c056b09f53e255ccb7d6f67c6350e2813cd9593ceeca78560b"
|
||||
|
||||
DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
|
||||
RDEPENDS:${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}"
|
||||
|
||||
CACHED_CONFIGUREVARS = " \
|
||||
ac_cv_type_rsize_t=no \
|
||||
ac_cv_path_MVPROG=${base_bindir}/mv \
|
||||
ac_cv_path_BSHELLPROG=${base_bindir}/sh \
|
||||
ac_cv_path_SENDMAILPROG=${sbindir}/sendmail \
|
||||
ac_cv_path_VIPROG=${base_bindir}/vi \
|
||||
"
|
||||
|
||||
EXTRA_OECONF += " \
|
||||
${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \
|
||||
${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--enable-tmpfiles.d=${nonarch_libdir}/tmpfiles.d', '--disable-tmpfiles.d', d)} \
|
||||
--with-rundir=/run/sudo \
|
||||
--with-vardir=/var/lib/sudo \
|
||||
--libexecdir=${libdir} \
|
||||
"
|
||||
|
||||
do_install:append () {
|
||||
if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then
|
||||
install -D -m 644 ${WORKDIR}/sudo.pam ${D}/${sysconfdir}/pam.d/sudo
|
||||
if ${@bb.utils.contains('PACKAGECONFIG', 'pam-wheel', 'true', 'false', d)} ; then
|
||||
echo 'auth required pam_wheel.so use_uid' >>${D}${sysconfdir}/pam.d/sudo
|
||||
sed -i 's/# \(%wheel ALL=(ALL) ALL\)/\1/' ${D}${sysconfdir}/sudoers
|
||||
fi
|
||||
fi
|
||||
|
||||
chmod 4111 ${D}${bindir}/sudo
|
||||
chmod 0440 ${D}${sysconfdir}/sudoers
|
||||
|
||||
# Explicitly remove the /sudo directory to avoid QA error
|
||||
rmdir -p --ignore-fail-on-non-empty ${D}/run/sudo
|
||||
}
|
||||
|
||||
FILES:${PN}-dev += "${libdir}/${BPN}/lib*${SOLIBSDEV} ${libdir}/${BPN}/*.la \
|
||||
${libdir}/lib*${SOLIBSDEV} ${libdir}/*.la"
|
||||
|
||||
CONFFILES:${PN}-lib = "${sysconfdir}/sudoers"
|
||||
|
||||
SUDO_PACKAGES = "${PN}-sudo\
|
||||
${PN}-lib"
|
||||
|
||||
PACKAGE_BEFORE_PN = "${SUDO_PACKAGES}"
|
||||
|
||||
RDEPENDS:${PN}-sudo = "${PN}-lib"
|
||||
RDEPENDS:${PN} += "${SUDO_PACKAGES}"
|
||||
|
||||
FILES:${PN}-sudo = "${bindir}/sudo ${bindir}/sudoedit"
|
||||
FILES:${PN}-lib = "${localstatedir} ${libexecdir} ${sysconfdir} ${libdir} ${nonarch_libdir}"
|
||||
Reference in New Issue
Block a user