# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Horst Burkhardt <horst@adelielinux.org>
pkgname=sudo
pkgver=1.9.2
if [ "${pkgver%_*}" != "$pkgver" ]; then
	_realver=${pkgver%_*}${pkgver#*_}
else
	_realver=$pkgver
fi
pkgrel=2
pkgdesc="Give certain users the ability to run some commands as root"
url="https://www.sudo.ws/sudo/"
arch="all"
options="suid"
license="ISC AND MIT AND BSD-3-Clause AND BSD-2-Clause AND Zlib"
depends=""
makedepends_host="linux-pam-dev zlib-dev utmps-dev"
makedepends_build="bash"
makedepends="$makedepends_host $makedepends_build"
subpackages="$pkgname-doc $pkgname-dev $pkgname-lang"
source="https://www.sudo.ws/dist/sudo-${_realver}.tar.gz
	fix-cross-compile.patch
	musl-fix-headers.patch
	SIGUNUSED.patch
	CVE-2021-3156.patch
	"
builddir="$srcdir"/$pkgname-$_realver
somask="audit_json.so
	group_file.so
	libsudo_noexec.so
	libsudo_util.so.0
	sample_approval.so
	sudoers.so
	system_group.so
	"

# secfixes:
#   1.8.20_p2-r0:
#     - CVE-2017-1000368
#   1.8.28-r0:
#     - CVE-2019-14287
#   1.9.0-r0:
#     - CVE-2019-19232
#   1.9.2-r2:
#     - CVE-2021-3156

build() {
	./configure \
		--build=$CBUILD \
		--host=$CHOST \
		--prefix=/usr \
		--libexecdir=/usr/lib \
		--mandir=/usr/share/man \
		--enable-pie \
		--with-env-editor \
		--with-pam \
		--without-skey \
		--with-passprompt="[sudo] Password for %p: " \
		--with-insults=disabled \
		--with-all-insults \
		--enable-python=no \
		--disable-log-server \
		--disable-log-client \
		--with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

	# Workaround until SIGUNUSED.patch is not needed anymore
	rm lib/util/mksiglist.h lib/util/mksigname.h
	make -C lib/util DEVEL=1 mksiglist.h mksigname.h

	make
}

check() {
	make check
}

package() {
	# the sudo's mkinstalldir script miscreates the leading
	# path components with bad permissions. fix this.
	install -d -m0755 "$pkgdir"/var "$pkgdir"/var/db
	make -j1 DESTDIR="$pkgdir" install
	rm -rf "$pkgdir"/var/run
}

sha512sums="20afdf2604b1c93395157382b24f225cd1ff88d3a892362e2d69fecd240c4e7171f05032c08be1778cd1dea6e460025e4241f57272fac0ea3550e220b6d73d21  sudo-1.9.2.tar.gz
f0f462f40502da2194310fe4a72ec1a16ba40f95a821ba9aa6aabaa423d28c4ab26b684afa7fb81c2407cf60de9327bdab01de51b878c5d4de49b0d62645f53c  fix-cross-compile.patch
dcc03abdd672c934f90dfd3683b3f81a8d39cfff91307d2dbd20a31a852022ab605d034c4fe11860ba99b78d391a9812fca1d6e052620b8ff2c42e4f0c7a1a62  musl-fix-headers.patch
2733c220ccbdaf61a32d8c72a5bc0209673733014f0d71b568f1523b71416e9d1754dd8c95bc6cd99aa7f935ed6e93c5f19b1a1dbb7dfc2daf9917fd37f96e78  SIGUNUSED.patch
7ef329edccbbd26ac55ff58d4c6c470bf2d829ff8ad1388d67b6ea8c2c8284fd362209cf11458787efaa4e301106bd3b49b8b7310c9d222ac3a3483a17b3ec0e  CVE-2021-3156.patch"