From 0007a6ccd7d5975b19c9033eb7bc2ce3aa98f35b Mon Sep 17 00:00:00 2001 From: "A. Wilcox" Date: Tue, 20 Feb 2018 22:01:10 -0600 Subject: system/sudo: add PAM-enabled sudo --- system/sudo/APKBUILD | 67 +++++++++++++++++++++++++++++++++++++ system/sudo/fix-cross-compile.patch | 15 +++++++++ system/sudo/libcrypt.patch | 11 ++++++ system/sudo/musl-fix-headers.patch | 10 ++++++ 4 files changed, 103 insertions(+) create mode 100644 system/sudo/APKBUILD create mode 100644 system/sudo/fix-cross-compile.patch create mode 100644 system/sudo/libcrypt.patch create mode 100644 system/sudo/musl-fix-headers.patch diff --git a/system/sudo/APKBUILD b/system/sudo/APKBUILD new file mode 100644 index 000000000..8a9bc25c1 --- /dev/null +++ b/system/sudo/APKBUILD @@ -0,0 +1,67 @@ +# Contributor: Sören Tempel +# Contributor: Łukasz Jendrysik +# Maintainer: Natanael Copa +pkgname=sudo +pkgver=1.8.21_p2 +if [ "${pkgver%_*}" != "$pkgver" ]; then + _realver=${pkgver%_*}${pkgver#*_} +else + _realver=$pkgver +fi +pkgrel=1 +pkgdesc="Give certain users the ability to run some commands as root" +url="http://www.sudo.ws/sudo/" +arch="all" +license="custom ISC" +makedepends_host="linux-pam-dev zlib-dev" +makedepends_build="bash" +makedepends="$makedepends_host $makedepends_build" +depends= +subpackages="$pkgname-doc $pkgname-dev" +source="https://www.sudo.ws/dist/sudo-${_realver}.tar.gz + fix-cross-compile.patch + libcrypt.patch + musl-fix-headers.patch + " +options="suid" + +# secfixes: +# 1.8.20_p2-r0: +# - CVE-2017-1000368 + +builddir="$srcdir"/$pkgname-$_realver +build() { + cd "$builddir" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --libexecdir=/usr/lib \ + --mandir=/usr/share/man \ + --disable-nls \ + --enable-pie \ + --with-env-editor \ + --with-pam \ + --without-skey \ + --with-passprompt="[sudo] password for %p: " + make +} + +check() { + cd "$builddir" + make check +} + +package() { + cd "$builddir" + # the sudo's mkinstalldir script miscreates the leading + # path components with bad permissions. fix this. + install -d -m0755 "$pkgdir"/var "$pkgdir"/var/db + make -j1 DESTDIR="$pkgdir" install + rm -rf "$pkgdir"/var/run +} + +sha512sums="f04bbff54ad74ba73c078e15c75d2f41332d4912078ed66157ba7346b7fff914bd0747460cb4cd0c472af2d3b344fa72f5c62c95169df68a9cac74d7245c720c sudo-1.8.21p2.tar.gz +f0f462f40502da2194310fe4a72ec1a16ba40f95a821ba9aa6aabaa423d28c4ab26b684afa7fb81c2407cf60de9327bdab01de51b878c5d4de49b0d62645f53c fix-cross-compile.patch +5ad20254aa587ef615f794081ecd55344eada5cf8c1a1d7956cc3f73375554716c483eeb74081da9a8501afce92cfbaf2abe59d1067aac67ce6e4874eb5a23e1 libcrypt.patch +113416fed7532c6092687c8bdd9913d04888d2f0a32e4333dd27a6b3d39145717ad5c3b3f05ba11bd6462612a9a013d446d254d50b2b651c33eeebe670f41ab5 musl-fix-headers.patch" diff --git a/system/sudo/fix-cross-compile.patch b/system/sudo/fix-cross-compile.patch new file mode 100644 index 000000000..d2fc97cca --- /dev/null +++ b/system/sudo/fix-cross-compile.patch @@ -0,0 +1,15 @@ +--- ./lib/util/Makefile.in.orig ++++ ./lib/util/Makefile.in +@@ -160,10 +160,10 @@ + ./mksigname > $@ + + mksiglist: $(srcdir)/mksiglist.c $(srcdir)/mksiglist.h $(incdir)/sudo_compat.h $(top_builddir)/config.h +- $(CC) $(CPPFLAGS) $(CFLAGS) $(srcdir)/mksiglist.c -o $@ ++ $${HOSTCC:-gcc} $(CPPFLAGS) $(CFLAGS) $(srcdir)/mksiglist.c -o $@ + + mksigname: $(srcdir)/mksigname.c $(srcdir)/mksigname.h $(incdir)/sudo_compat.h $(top_builddir)/config.h +- $(CC) $(CPPFLAGS) $(CFLAGS) $(srcdir)/mksigname.c -o $@ ++ $${HOSTCC:-gcc} $(CPPFLAGS) $(CFLAGS) $(srcdir)/mksigname.c -o $@ + + $(srcdir)/mksiglist.h: $(srcdir)/siglist.in + @if [ -n "$(DEVEL)" ]; then \ diff --git a/system/sudo/libcrypt.patch b/system/sudo/libcrypt.patch new file mode 100644 index 000000000..e83b69113 --- /dev/null +++ b/system/sudo/libcrypt.patch @@ -0,0 +1,11 @@ +--- ./plugins/sudoers/Makefile.in.orig ++++ ./plugins/sudoers/Makefile.in +@@ -52,7 +52,7 @@ + LT_LIBS = $(top_builddir)/lib/util/libsudo_util.la + LIBS = $(LT_LIBS) @LIBINTL@ + NET_LIBS = @NET_LIBS@ +-SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@ @LIBMD@ ++SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@ @LIBMD@ -lcrypt + REPLAY_LIBS = @REPLAY_LIBS@ @ZLIB@ + VISUDO_LIBS = $(NET_LIBS) @LIBMD@ + TESTSUDOERS_LIBS = $(NET_LIBS) @LIBMD@ diff --git a/system/sudo/musl-fix-headers.patch b/system/sudo/musl-fix-headers.patch new file mode 100644 index 000000000..18a19b75d --- /dev/null +++ b/system/sudo/musl-fix-headers.patch @@ -0,0 +1,10 @@ +--- ./include/sudo_compat.h.orig ++++ ./include/sudo_compat.h +@@ -25,6 +25,7 @@ + #include + #include + #include /* for rsize_t */ ++#include /* for id_t */ + + /* + * Macros and functions that may be missing on some operating systems. -- cgit v1.2.3-70-g09d2