diff options
Diffstat (limited to 'meta/recipes-extended/sudo')
5 files changed, 149 insertions, 101 deletions
diff --git a/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch b/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch new file mode 100644 index 0000000000..041c717e00 --- /dev/null +++ b/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch @@ -0,0 +1,62 @@ +From 6e835350b7413210c410d3578cfab804186b7a4f Mon Sep 17 00:00:00 2001 +From: Kai Kang <kai.kang@windriver.com> +Date: Tue, 17 Nov 2020 11:13:40 +0800 +Subject: [PATCH] sudo.conf.in: fix conflict with multilib + +When pass ${libdir} to --libexecdir of sudo, it fails to install sudo +and lib32-sudo at same time: + +| Error: Transaction test error: +| file /etc/sudo.conf conflicts between attempted installs of + sudo-1.9.3p1-r0.core2_64 and lib32-sudo-1.9.3p1-r0.core2_32 + +Update the comments in sudo.conf.in to avoid the conflict. + +Signed-off-by: Kai Kang <kai.kang@windriver.com> + +Upstream-Status: Inappropriate [OE configuration specific] + +--- + examples/sudo.conf.in | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/examples/sudo.conf.in b/examples/sudo.conf.in +index 2187457..0908d24 100644 +--- a/examples/sudo.conf.in ++++ b/examples/sudo.conf.in +@@ -4,7 +4,7 @@ + # Sudo plugins: + # Plugin plugin_name plugin_path plugin_options ... + # +-# The plugin_path is relative to @plugindir@ unless ++# The plugin_path is relative to $plugindir such as /usr/lib/sudo unless + # fully qualified. + # The plugin_name corresponds to a global symbol in the plugin + # that contains the plugin interface structure. +@@ -51,7 +51,7 @@ + # The compiled-in value is usually sufficient and should only be changed + # if you rename or move the sudo_intercept.so file. + # +-#Path intercept @intercept_file@ ++#Path intercept $intercept_file + + # + # Sudo noexec: +@@ -65,7 +65,7 @@ + # The compiled-in value is usually sufficient and should only be changed + # if you rename or move the sudo_noexec.so file. + # +-#Path noexec @noexec_file@ ++#Path noexec $noexec_file + + # + # Sudo plugin directory: +@@ -74,7 +74,7 @@ + # The default directory to use when searching for plugins that are + # specified without a fully qualified path name. + # +-#Path plugin_dir @plugindir@ ++#Path plugin_dir $plugindir + + # + # Core dumps: diff --git a/meta/recipes-extended/sudo/sudo.inc b/meta/recipes-extended/sudo/sudo.inc index 90f2039bb8..feb1cf35a7 100644 --- a/meta/recipes-extended/sudo/sudo.inc +++ b/meta/recipes-extended/sudo/sudo.inc @@ -3,19 +3,18 @@ DESCRIPTION = "Sudo (superuser do) allows a system administrator to give certain HOMEPAGE = "http://www.sudo.ws" BUGTRACKER = "http://www.sudo.ws/bugs/" SECTION = "admin" -LICENSE = "ISC & BSD & Zlib" -LIC_FILES_CHKSUM = "file://doc/LICENSE;md5=6c76b73603ac7763ab0516ebfbe67b42 \ - file://plugins/sudoers/redblack.c;beginline=1;endline=46;md5=4a162fc04b86b03f5632180fe6076cda \ - file://lib/util/reallocarray.c;beginline=3;endline=16;md5=85b0905b795d4d58bf2e00635649eec6 \ - file://lib/util/fnmatch.c;beginline=3;endline=27;md5=67f83ee9bd456557397082f8f1be0efd \ - file://lib/util/getcwd.c;beginline=5;endline=27;md5=449af4cc57fc7d46f42090608ba3e681 \ - file://lib/util/glob.c;beginline=6;endline=31;md5=5872733146b9eb0deb79e1f664815b85 \ - file://lib/util/snprintf.c;beginline=6;endline=34;md5=c82c1b3a5c32e08545c9ec5d71e41e50 \ - file://include/sudo_queue.h;beginline=5;endline=27;md5=449af4cc57fc7d46f42090608ba3e681 \ - file://lib/util/inet_pton.c;beginline=3;endline=17;md5=3970ab0518ab79cbd0bafb697f10b33a \ - file://lib/util/arc4random.c;beginline=3;endline=20;md5=15bdc89c1b003fa4d7353e6296ebfd68 \ - file://lib/util/arc4random_uniform.c;beginline=3;endline=17;md5=31e630ac814d692fd0ab7a942659b46f \ - file://lib/util/getentropy.c;beginline=1;endline=19;md5=9f1a275ecd44cc264a2a4d5e06a75292 \ +LICENSE = "ISC & BSD-3-Clause & BSD-2-Clause & Zlib" +LIC_FILES_CHKSUM = "file://LICENSE.md;md5=5100e20d35f9015f9eef6bdb27ba194f \ + file://plugins/sudoers/redblack.c;beginline=1;endline=46;md5=03e35317699ba00b496251e0dfe9f109 \ + file://lib/util/reallocarray.c;beginline=3;endline=15;md5=397dd45c7683e90b9f8bf24638cf03bf \ + file://lib/util/fnmatch.c;beginline=3;endline=27;md5=004d7d2866ba1f5b41174906849d2e0f \ + file://lib/util/glob.c;beginline=2;endline=31;md5=2852f68687544e3eb8a0a61665506f0e \ + file://lib/util/snprintf.c;beginline=3;endline=33;md5=b70df6179969e38fcf68da91b53b8029 \ + file://include/sudo_queue.h;beginline=2;endline=27;md5=ad578e9664d17a010b63e4bc0576ee8d \ + file://lib/util/inet_pton.c;beginline=3;endline=17;md5=27785c9f5835093eda42aa0816a2d0b4 \ + file://lib/util/arc4random.c;beginline=3;endline=20;md5=ced8636ecefa2ba907cfe390bc3bd964 \ + file://lib/util/arc4random_uniform.c;beginline=3;endline=17;md5=e30c2b777cdc00cfcaf7c445a10b262f \ + file://lib/util/getentropy.c;beginline=1;endline=19;md5=a0f58be3d60b6dcd898ec5fe0866d36f \ " inherit autotools @@ -23,22 +22,20 @@ inherit autotools PACKAGECONFIG ??= "" PACKAGECONFIG[zlib] = "--enable-zlib,--disable-zlib,zlib" PACKAGECONFIG[pam-wheel] = ",,,pam-plugin-wheel" +PACKAGECONFIG[audit] = "--with-linux-audit,--without-linux-audit,audit" +PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux" -CONFFILES_${PN} = "${sysconfdir}/sudoers" +EXTRA_OECONF = "--with-editor=${base_bindir}/vi --with-env-editor" -EXTRA_OECONF = "--with-editor=/bin/vi --with-env-editor" +EXTRA_OECONF:append:libc-musl = " --disable-hardening " -EXTRA_OECONF_append_libc-musl = " --disable-hardening " - -# mksigname/mksiglist are used on build host to generate source files -do_compile_prepend () { - # Remove build host references from sudo_usage.h - sed -i \ - -e 's,--with-libtool-sysroot=${STAGING_DIR_TARGET},,g' \ - -e 's,--build=${BUILD_SYS},,g' \ - -e 's,--host=${HOST_SYS},,g' \ - ${B}/src/sudo_usage.h - oe_runmake SSP_CFLAGS="" SSP_LDFLAGS="" CC="$BUILD_CC" CFLAGS="$BUILD_CFLAGS" CPPFLAGS="$BUILD_CPPFLAGS -I${S}/include -I${S} -I${B}" -C lib/util mksigname mksiglist +do_compile:prepend () { + # Remove build host references from config.h + sed -i \ + -e 's,--with-libtool-sysroot=${STAGING_DIR_TARGET},,g' \ + -e 's,--build=${BUILD_SYS},,g' \ + -e 's,--host=${HOST_SYS},,g' \ + ${B}/config.h } # Explicitly create ${localstatedir}/lib before do_install to ensure @@ -46,6 +43,8 @@ do_compile_prepend () { # script (from sudo) will recursively create ${localstatedir}/lib/sudo # and then chmod each directory with 0700 permissions, which isn't what # we want (i.e, users would not be able to access /var/lib). -do_install_prepend (){ +do_install:prepend (){ mkdir -p ${D}/${localstatedir}/lib } + +CVE_VERSION_SUFFIX = "patch" diff --git a/meta/recipes-extended/sudo/sudo/0001-Include-sys-types.h-for-id_t-definition.patch b/meta/recipes-extended/sudo/sudo/0001-Include-sys-types.h-for-id_t-definition.patch deleted file mode 100644 index eb36cd49bb..0000000000 --- a/meta/recipes-extended/sudo/sudo/0001-Include-sys-types.h-for-id_t-definition.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 386e2c2fa2ab2e02ef71c268a57205139be329ab Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Mon, 31 Aug 2015 07:07:49 +0000 -Subject: [PATCH] Include sys/types.h for id_t definition - -/sudo_util.h:219:14: error: unknown type name 'id_t' - __dso_public id_t sudo_strtoid_v1(const char *str, const char *sep, - char **endp, const char **errstr); - ^ - make[1]: *** [preserve_fds.o] Error 1 - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- -Upstream-Status: Pending - - include/sudo_util.h | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/include/sudo_util.h b/include/sudo_util.h -index 89c9f89..ac0855a 100644 ---- a/include/sudo_util.h -+++ b/include/sudo_util.h -@@ -17,6 +17,8 @@ - #ifndef SUDO_UTIL_H - #define SUDO_UTIL_H - -+#include <sys/types.h> -+ - #ifdef HAVE_STDBOOL_H - # include <stdbool.h> - #else --- -2.5.1 - diff --git a/meta/recipes-extended/sudo/sudo_1.8.27.bb b/meta/recipes-extended/sudo/sudo_1.8.27.bb deleted file mode 100644 index 4a34393026..0000000000 --- a/meta/recipes-extended/sudo/sudo_1.8.27.bb +++ /dev/null @@ -1,40 +0,0 @@ -require sudo.inc - -SRC_URI = "http://ftp.sudo.ws/sudo/dist/sudo-${PV}.tar.gz \ - ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ - file://0001-Include-sys-types.h-for-id_t-definition.patch \ - " - -PAM_SRC_URI = "file://sudo.pam" - -SRC_URI[md5sum] = "b5c184b13b6b5de32af630af2fd013fd" -SRC_URI[sha256sum] = "7beb68b94471ef56d8a1036dbcdc09a7b58a949a68ffce48b83f837dd33e2ec0" - -DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" -RDEPENDS_${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}" - -EXTRA_OECONF += " \ - ac_cv_type_rsize_t=no \ - ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--enable-tmpfiles.d=${libdir}/tmpfiles.d', '--disable-tmpfiles.d', d)} \ - " - -do_install_append () { - if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then - install -D -m 644 ${WORKDIR}/sudo.pam ${D}/${sysconfdir}/pam.d/sudo - if ${@bb.utils.contains('PACKAGECONFIG', 'pam-wheel', 'true', 'false', d)} ; then - echo 'auth required pam_wheel.so use_uid' >>${D}${sysconfdir}/pam.d/sudo - sed -i 's/# \(%wheel ALL=(ALL) ALL\)/\1/' ${D}${sysconfdir}/sudoers - fi - fi - - chmod 4111 ${D}${bindir}/sudo - chmod 0440 ${D}${sysconfdir}/sudoers - - # Explicitly remove the /run directory to avoid QA error - rmdir -p --ignore-fail-on-non-empty ${D}/run/sudo -} - -FILES_${PN} += "${libdir}/tmpfiles.d" -FILES_${PN}-dev += "${libexecdir}/${BPN}/lib*${SOLIBSDEV} ${libexecdir}/${BPN}/*.la \ - ${libexecdir}/lib*${SOLIBSDEV} ${libexecdir}/*.la" diff --git a/meta/recipes-extended/sudo/sudo_1.9.15p5.bb b/meta/recipes-extended/sudo/sudo_1.9.15p5.bb new file mode 100644 index 0000000000..8e542015ad --- /dev/null +++ b/meta/recipes-extended/sudo/sudo_1.9.15p5.bb @@ -0,0 +1,61 @@ +require sudo.inc + +SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ + file://0001-sudo.conf.in-fix-conflict-with-multilib.patch \ + " + +PAM_SRC_URI = "file://sudo.pam" + +SRC_URI[sha256sum] = "558d10b9a1991fb3b9fa7fa7b07ec4405b7aefb5b3cb0b0871dbc81e3a88e558" + +DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" +RDEPENDS:${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}" + +CACHED_CONFIGUREVARS = " \ + ac_cv_type_rsize_t=no \ + ac_cv_path_MVPROG=${base_bindir}/mv \ + ac_cv_path_BSHELLPROG=${base_bindir}/sh \ + ac_cv_path_SENDMAILPROG=${sbindir}/sendmail \ + ac_cv_path_VIPROG=${base_bindir}/vi \ + " + +EXTRA_OECONF += " \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--enable-tmpfiles.d=${nonarch_libdir}/tmpfiles.d', '--disable-tmpfiles.d', d)} \ + --with-rundir=/run/sudo \ + --with-vardir=/var/lib/sudo \ + --libexecdir=${libdir} \ + " + +do_install:append () { + if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then + install -D -m 644 ${WORKDIR}/sudo.pam ${D}/${sysconfdir}/pam.d/sudo + if ${@bb.utils.contains('PACKAGECONFIG', 'pam-wheel', 'true', 'false', d)} ; then + echo 'auth required pam_wheel.so use_uid' >>${D}${sysconfdir}/pam.d/sudo + sed -i 's/# \(%wheel ALL=(ALL) ALL\)/\1/' ${D}${sysconfdir}/sudoers + fi + fi + + chmod 4111 ${D}${bindir}/sudo + chmod 0440 ${D}${sysconfdir}/sudoers + + # Explicitly remove the /sudo directory to avoid QA error + rmdir -p --ignore-fail-on-non-empty ${D}/run/sudo +} + +FILES:${PN}-dev += "${libdir}/${BPN}/lib*${SOLIBSDEV} ${libdir}/${BPN}/*.la \ + ${libdir}/lib*${SOLIBSDEV} ${libdir}/*.la" + +CONFFILES:${PN}-lib = "${sysconfdir}/sudoers" + +SUDO_PACKAGES = "${PN}-sudo\ + ${PN}-lib" + +PACKAGE_BEFORE_PN = "${SUDO_PACKAGES}" + +RDEPENDS:${PN}-sudo = "${PN}-lib" +RDEPENDS:${PN} += "${SUDO_PACKAGES}" + +FILES:${PN}-sudo = "${bindir}/sudo ${bindir}/sudoedit" +FILES:${PN}-lib = "${localstatedir} ${libexecdir} ${sysconfdir} ${libdir} ${nonarch_libdir}" |