opendoas: Import OpenDoas-6.6.1 as wip/opendoas

To: pkgsrc-wip-changes%NetBSD.org@localhost
Subject: opendoas: Import OpenDoas-6.6.1 as wip/opendoas
From: Sunil Nimmagadda <sunil%nimmagadda.net@localhost>
Date: Sun, 01 Nov 2020 14:05:15 +0000
Module Name:	pkgsrc-wip
Committed By:	Sunil Nimmagadda <sunil%nimmagadda.net@localhost>
Pushed By:	skn
Date:		Sun Nov 1 19:35:15 2020 +0530
Changeset:	e2074711480246f0c183bee4ea6b4de457c75f65

Added Files:
	opendoas/DESCR
	opendoas/Makefile
	opendoas/PLIST
	opendoas/distinfo
	opendoas/patches/patch-bsd.prog.mk
	opendoas/patches/patch-configure
	opendoas/patches/patch-doas.c
	opendoas/patches/patch-pam.c

Log Message:
opendoas: Import OpenDoas-6.6.1 as wip/opendoas

An unofficial, portable fork of the OpenBSD doas command.

doas is a minimal replacement for the venerable sudo. It was
initially written by Ted Unangst of the OpenBSD project to provide
95% of the features of sudo with a fraction of the codebase.

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=e2074711480246f0c183bee4ea6b4de457c75f65

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 opendoas/DESCR                     |  5 +++++
 opendoas/Makefile                  | 37 +++++++++++++++++++++++++++++++++++++
 opendoas/PLIST                     |  4 ++++
 opendoas/distinfo                  | 10 ++++++++++
 opendoas/patches/patch-bsd.prog.mk | 15 +++++++++++++++
 opendoas/patches/patch-configure   | 16 ++++++++++++++++
 opendoas/patches/patch-doas.c      | 28 ++++++++++++++++++++++++++++
 opendoas/patches/patch-pam.c       | 16 ++++++++++++++++
 8 files changed, 131 insertions(+)

diffs:
diff --git a/opendoas/DESCR b/opendoas/DESCR
new file mode 100644
index 0000000000..f0ff6ad7ba
--- /dev/null
+++ b/opendoas/DESCR
@@ -0,0 +1,5 @@
+An unofficial, portable fork of the OpenBSD doas command.
+
+doas is a minimal replacement for the venerable sudo. It was
+initially written by Ted Unangst of the OpenBSD project to provide
+95% of the features of sudo with a fraction of the codebase.
diff --git a/opendoas/Makefile b/opendoas/Makefile
new file mode 100644
index 0000000000..99807fa267
--- /dev/null
+++ b/opendoas/Makefile
@@ -0,0 +1,37 @@
+# $NetBSD$
+
+DISTNAME=	OpenDoas-6.6.1
+CATEGORIES=	security
+MASTER_SITES=	${MASTER_SITE_GITHUB:=duncaen/}
+GITHUB_TAG=	v${PKGVERSION_NOREV}
+
+MAINTAINER=	sunil%nimmagadda.net@localhost
+HOMEPAGE=	https://github.com/duncaen/opendoas
+COMMENT=	Execute commands as another user
+LICENSE=	isc
+
+CONFLICTS=	doas-[0-9]*
+
+SUBST_CLASSES+=		paths
+SUBST_MESSAGE.paths=	Fixing hardcoded paths.
+SUBST_STAGE.paths=	pre-configure
+SUBST_FILES.paths=	doas.1 doas.conf.5
+SUBST_SED.paths=	-e "s,/etc,${PKG_SYSCONFDIR},"
+
+HAS_CONFIGURE=		yes
+CONFIGURE_ARGS+=	--prefix=${PREFIX}
+CONFIGURE_ARGS+=	--sysconfdir=${PKG_SYSCONFDIR}
+CONFIGURE_ARGS+=	--mandir=${PREFIX}/${PKGMANDIR}
+
+USE_TOOLS=	gmake
+BUILD_TARGET=	default
+
+CFLAGS+=	-D_OPENBSD_SOURCE=1
+CFLAGS+=	-DDOAS_CONF="\"${PKG_SYSCONFDIR}/doas.conf\""
+
+SPECIAL_PERMS+=	bin/doas ${SETUID_ROOT_PERMS}
+
+NOT_FOR_UNPRIVILEGED=	yes
+
+.include "../../mk/pam.buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"
diff --git a/opendoas/PLIST b/opendoas/PLIST
new file mode 100644
index 0000000000..7ba8572cbe
--- /dev/null
+++ b/opendoas/PLIST
@@ -0,0 +1,4 @@
+@comment $NetBSD$
+bin/doas
+man/man1/doas.1
+man/man5/doas.conf.5
diff --git a/opendoas/distinfo b/opendoas/distinfo
new file mode 100644
index 0000000000..a936b77b79
--- /dev/null
+++ b/opendoas/distinfo
@@ -0,0 +1,10 @@
+$NetBSD$
+
+SHA1 (OpenDoas-6.6.1.tar.gz) = 4509c04803c27e8c9940322e51dc4b9184360c4a
+RMD160 (OpenDoas-6.6.1.tar.gz) = b938edf57caf8cf90df3393f0c9c2cf0ee95e851
+SHA512 (OpenDoas-6.6.1.tar.gz) = 390e0e139a2641be22c4493c3ed755d9cb4091f4ab8d590123b7c8c4f2f116cea3b3500926ff191fb98d92192ca9e92118cbcbeb463a7833763e00c65603e678
+Size (OpenDoas-6.6.1.tar.gz) = 30783 bytes
+SHA1 (patch-bsd.prog.mk) = 78db9daba2593e6481c1da29ad96bee4d87785b9
+SHA1 (patch-configure) = e144a8009b96a00da0320cffc477f36c32c1cfc1
+SHA1 (patch-doas.c) = 7c9ac462d1a370286d1299d5eaf666a34fef7ec4
+SHA1 (patch-pam.c) = 35df55b83d0071aba476d61dd80ec3e7081f5d4a
diff --git a/opendoas/patches/patch-bsd.prog.mk b/opendoas/patches/patch-bsd.prog.mk
new file mode 100644
index 0000000000..364211fa3c
--- /dev/null
+++ b/opendoas/patches/patch-bsd.prog.mk
@@ -0,0 +1,15 @@
+$NetBSD$
+
+Use SETUID_ROOT_PERMS and allow building as normal user.
+
+--- bsd.prog.mk.orig	2020-11-01 11:47:22.462380395 +0000
++++ bsd.prog.mk
+@@ -22,8 +22,6 @@ install: ${PROG} ${PAM_DOAS} ${MAN}
+ 	mkdir -p -m 0755 ${DESTDIR}${MANDIR}/man1
+ 	mkdir -p -m 0755 ${DESTDIR}${MANDIR}/man5
+ 	cp -f ${PROG} ${DESTDIR}${BINDIR}
+-	chown ${BINOWN}:${BINGRP} ${DESTDIR}${BINDIR}/${PROG}
+-	chmod ${BINMODE} ${DESTDIR}${BINDIR}/${PROG}
+ 	[ -n "${PAM_DOAS}" ] && cp ${PAM_DOAS} ${DESTDIR}${PAMDIR}/doas || true
+ 	[ -n "${PAM_DOAS}" ] && chmod 0644 ${DESTDIR}${PAMDIR}/doas || true
+ 	cp -f doas.1 ${DESTDIR}${MANDIR}/man1
diff --git a/opendoas/patches/patch-configure b/opendoas/patches/patch-configure
new file mode 100644
index 0000000000..6b54398622
--- /dev/null
+++ b/opendoas/patches/patch-configure
@@ -0,0 +1,16 @@
+$NetBSD$
+
+setresuid isn't supported on NetBSD.
+
+--- configure.orig	2020-11-01 11:52:06.488906380 +0000
++++ configure
+@@ -340,7 +340,9 @@ int main(void) {
+ 	setresuid(0, 0, 0);
+ 	return 0;
+ }'
++if [ "$(uname)" != "NetBSD" ]; then
+ check_func "setresuid" "$src" || die "system has no setresuid(2): not supported"
++fi
+ 
+ #
+ # Check for closefrom().
diff --git a/opendoas/patches/patch-doas.c b/opendoas/patches/patch-doas.c
new file mode 100644
index 0000000000..e159e9f2a7
--- /dev/null
+++ b/opendoas/patches/patch-doas.c
@@ -0,0 +1,28 @@
+$NetBSD$
+
+setresuid/setresguid are not supported on NetBSD.
+Do not hard code config file path.
+
+--- doas.c.orig	2020-11-01 09:47:52.740280363 +0000
++++ doas.c
+@@ -34,6 +34,11 @@
+ #include "includes.h"
+ #include "doas.h"
+ 
++#ifdef __netbsd__
++#define setresgid(a, b, c)	setgid(a)
++#define setresuid(a, b, c)	setuid(a)
++#endif
++
+ static void __dead
+ usage(void)
+ {
+@@ -325,7 +330,7 @@ main(int argc, char **argv)
+ 	if (geteuid())
+ 		errx(1, "not installed setuid");
+ 
+-	parseconfig("/etc/doas.conf", 1);
++	parseconfig(DOAS_CONF, 1);
+ 
+ 	/* cmdline is used only for logging, no need to abort on truncate */
+ 	(void)strlcpy(cmdline, argv[0], sizeof(cmdline));
diff --git a/opendoas/patches/patch-pam.c b/opendoas/patches/patch-pam.c
new file mode 100644
index 0000000000..e7c23163e2
--- /dev/null
+++ b/opendoas/patches/patch-pam.c
@@ -0,0 +1,16 @@
+$NetBSD$
+
+HOST_NAME_MAX isn't defined on NetBSD.
+
+--- pam.c.orig	2020-02-03 21:41:31.000000000 +0000
++++ pam.c
+@@ -271,6 +271,9 @@ pamauth(const char *user, const char *my
+ 		if (!interactive)
+ 			errx(1, "Authorization required");
+ 
++#ifdef __netbsd__
++#define HOST_NAME_MAX _POSIX_HOST_NAME_MAX
++#endif
+ 		/* doas style prompt for pam */
+ 		char host[HOST_NAME_MAX + 1];
+ 		if (gethostname(host, sizeof(host)))
Prev by Date: jitsi-meet: remove unneeded dependencies
Next by Date: py-anki2: make this fetchable even if there is a new version out
Previous by Thread: jitsi-meet: remove unneeded dependencies
Next by Thread: py-anki2: make this fetchable even if there is a new version out
Indexes:
Home | Main Index | Thread Index | Old Index