From 3f0ef000031210c5226258deee508714f426848c Mon Sep 17 00:00:00 2001 From: Diego Elio Pettenò Date: Thu, 15 Apr 2010 17:46:07 +0000 Subject: Version bump and cleanup old version. Version 1.7.3_beta1 is gone because it is not covered by the latest two security announces. Package-Manager: portage-2.2_rc67/cvs/Linux x86_64 --- app-admin/sudo/ChangeLog | 10 +- app-admin/sudo/Manifest | 20 +-- app-admin/sudo/sudo-1.7.2_p1.ebuild | 214 ------------------------------- app-admin/sudo/sudo-1.7.2_p3.ebuild | 221 --------------------------------- app-admin/sudo/sudo-1.7.2_p6.ebuild | 221 +++++++++++++++++++++++++++++++++ app-admin/sudo/sudo-1.7.3_beta1.ebuild | 221 --------------------------------- 6 files changed, 243 insertions(+), 664 deletions(-) delete mode 100644 app-admin/sudo/sudo-1.7.2_p1.ebuild delete mode 100644 app-admin/sudo/sudo-1.7.2_p3.ebuild create mode 100644 app-admin/sudo/sudo-1.7.2_p6.ebuild delete mode 100644 app-admin/sudo/sudo-1.7.3_beta1.ebuild (limited to 'app-admin/sudo') diff --git a/app-admin/sudo/ChangeLog b/app-admin/sudo/ChangeLog index 9d688b644342..6502b91d8979 100644 --- a/app-admin/sudo/ChangeLog +++ b/app-admin/sudo/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for app-admin/sudo # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/ChangeLog,v 1.214 2010/03/01 20:31:18 armin76 Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/ChangeLog,v 1.215 2010/04/15 17:46:07 flameeyes Exp $ + +*sudo-1.7.2_p6 (15 Apr 2010) + + 15 Apr 2010; Diego E. Pettenò + -sudo-1.7.2_p1.ebuild, -sudo-1.7.2_p3.ebuild, +sudo-1.7.2_p6.ebuild, + -sudo-1.7.3_beta1.ebuild: + Version bump and cleanup old version. Version 1.7.3_beta1 is gone because + it is not covered by the latest two security announces. 01 Mar 2010; Raúl Porcel sudo-1.7.2_p4.ebuild: alpha/arm/ia64/m68k/s390/sh/sparc stable wrt #306865 diff --git a/app-admin/sudo/Manifest b/app-admin/sudo/Manifest index 8f108f04cc6b..63a3b10632fb 100644 --- a/app-admin/sudo/Manifest +++ b/app-admin/sudo/Manifest @@ -1,14 +1,20 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + AUX sudo-1.7.2p1-securepath.patch 1719 RMD160 e8db558c04873de58c46cfbe0c1992a9f0832732 SHA1 0ea0d723258b8b8ca834115835f1d4c2caa6fad6 SHA256 1d7958aca43426213ab3685a012ce3667b7bc24b52a2fe7a1b8b0230db0f6141 AUX sudo-skeychallengeargs.diff 567 RMD160 906ee43a7c2f21d1cf5130eac5c98ef0833154fd SHA1 b0efbedc72a1ed85c74ba10e343a68368e76c3e9 SHA256 dd2f4fdba26be6c3b4af15f3b6e18efa19375e1f9c579cdc2c76ee1adcce5e1d -DIST sudo-1.7.2p1.tar.gz 771059 RMD160 5f345d6062f178700fd78c93c04ee47c03bbcc50 SHA1 2ef461d840110d2c9160db142336591775ede67a SHA256 34d11a1dd8bace0885f55b4c8bddda1da29993ff8d7174099e25bd80db1eaf7f DIST sudo-1.7.2p2.tar.gz 772399 RMD160 4ab92524639b5d6822c48d0f74f80dc1c674ab0e SHA1 b729c158f81f5cff4ce6193f3db7bee00a2c2fbe SHA256 3d93aa2d52873b1fc82dc6dd64f1046e4636735f55d9ca7861ef02235b7c7e45 -DIST sudo-1.7.2p3.tar.gz 772743 RMD160 ee33987b358a3b1667612b7b78711349035f38c3 SHA1 ae66a2f5e56e408c50b57788531d30882287cc73 SHA256 e2ec75029a7feec15049f53ad8f01345e8ed1778a0c356df5ad5f96598f922a3 DIST sudo-1.7.2p4.tar.gz 772821 RMD160 a6cc3b1436f9f4b7ac0017cd4b6bd61ee480808e SHA1 3a17105e77b35f49b0c9e14628f263a33469afe9 SHA256 57d9adbdffa881e32894231079da7d68ffe99f46942818b63baadf6c795b7bdd -DIST sudo-1.7.3b1.tar.gz 816355 RMD160 963d099bdbe14337e7a9c05edb9e8e0e4e4b5cea SHA1 8bb0d60846a2a85791b2e7d665453000c6d694a2 SHA256 81a2bb3ce0c463b967edfd425ef1751a24b7a7b84463f6743b516fa14b2c65ce -EBUILD sudo-1.7.2_p1.ebuild 6513 RMD160 4973cb8bdb47e40693a48e7ce8e54610f0318a6b SHA1 e356dcbd1c0fea524dd8352001ea2b8ee8ba9471 SHA256 7d9c19e60ca675f26df6d92691db8f28d85e89285367ff7020e2f2e0d0db3183 +DIST sudo-1.7.2p6.tar.gz 771148 RMD160 9122ee0da71fa8fe84f71e13d1a02173ef317937 SHA1 45976e82cc2ca9f34cad574629ddd998c377734e SHA256 8104c5e0130f100bbdbfbc0318fea3024027929adaafd2018f1c96c94f771161 EBUILD sudo-1.7.2_p2-r1.ebuild 6459 RMD160 c2bb35cad09bec61ae4edfd41349b8f8e8a6c113 SHA1 15e6f298104f7b3b432b153183c7b9fb8e303a92 SHA256 08d1088270ce4b29017cb0229204bdb3128e71581b68afd720a3137cb5125cfb -EBUILD sudo-1.7.2_p3.ebuild 6873 RMD160 a77583a8fe65ffc964323049b3afc2b1e7f9fb2e SHA1 c12e4ccba6175d0742ada2c8e28719cec4c1e513 SHA256 83c42b42647799e69e90c58fe1157943167977140d727254c99277edd3ae4c75 EBUILD sudo-1.7.2_p4.ebuild 6859 RMD160 92a1de73ab16dc42e00965e1416f94f3d2c0e405 SHA1 789e648183b07886f267e20b4d77f9d909e5fa9c SHA256 071ccfbd2159ad46c5b12987a3f91595715c215e2e1b15d0d7b6171aa229ef2c -EBUILD sudo-1.7.3_beta1.ebuild 6873 RMD160 3b04b47eff47294399bb728ae081632567b1ebfc SHA1 acc89d882c98bd2a1ddc6ca437b8d79b9cfb8228 SHA256 16b62f5c91bc77842326e7f845a40d6dea54159bb1651b5c1816aaa4abdec8a0 -MISC ChangeLog 29854 RMD160 bee7d57ab27c5e5a32c6d17d7158af761d839d11 SHA1 fc3fd7867234c26c570f66313d3225e3529b338d SHA256 604fe92bd392ffbf2f1c458dded3f79748ac167d002024a3b18d61458d622e80 +EBUILD sudo-1.7.2_p6.ebuild 6873 RMD160 03e58a13d0b9c96a3b6554363b0425d1195e316c SHA1 e45aaf13f61c6edff9861f39ed100a570d3faa7c SHA256 710c46624efe2bc900403f42bd04edc52df934a1fb28cc78585bdf7ddab16490 +MISC ChangeLog 30176 RMD160 6904e7a9e17d2414dcc2f31f07c219ebe081a0f7 SHA1 dc9a6eae72c5b82153d241a611160fea83c3fe33 SHA256 397170a01ee8450ac97dfec8f728615e754732fc4f12c2470d447d9f7fdcadaa MISC metadata.xml 434 RMD160 a713e5ffdcc2216a46f5023ab77c6e3aeed0d183 SHA1 49a31df517e1ec39344ac83c13e9fca87379d261 SHA256 87e2d9f4535e80f4ba1f73366040bb23cfb4b1f3101c0e33df73aff2e77fc13f +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.14 (GNU/Linux) + +iEYEARECAAYFAkvHUPEACgkQAiZjviIA2XjMEACg3KutqvfZQvVmD9XdxC4zVut7 +2VwAnAxLYdpDg4gZRj1YP9O8GoQbcv05 +=k8EH +-----END PGP SIGNATURE----- diff --git a/app-admin/sudo/sudo-1.7.2_p1.ebuild b/app-admin/sudo/sudo-1.7.2_p1.ebuild deleted file mode 100644 index 4e8c6f7520bd..000000000000 --- a/app-admin/sudo/sudo-1.7.2_p1.ebuild +++ /dev/null @@ -1,214 +0,0 @@ -# Copyright 1999-2009 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/sudo/sudo-1.7.2_p1.ebuild,v 1.10 2009/10/09 17:48:38 armin76 Exp $ - -inherit eutils pam confutils autotools - -MY_P=${P/_/} -MY_P=${MY_P/beta/b} - -case "${P}" in - *_beta* | *_rc*) - uri_prefix=beta/ - ;; - *) - uri_prefix="" - ;; -esac - -DESCRIPTION="Allows users or groups to run commands as other users" -HOMEPAGE="http://www.sudo.ws/" -SRC_URI="ftp://ftp.sudo.ws/pub/sudo/${uri_prefix}${MY_P}.tar.gz" -# Basic license is ISC-style as-is, some files are released under -# 3-clause BSD license -LICENSE="as-is BSD" -SLOT="0" -KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd" -IUSE="pam skey offensive ldap selinux" - -DEPEND="pam? ( virtual/pam ) - ldap? ( - >=net-nds/openldap-2.1.30-r1 - dev-libs/cyrus-sasl - ) - skey? ( >=sys-auth/skey-1.1.5-r1 ) - virtual/editor - virtual/mta" -RDEPEND="selinux? ( sec-policy/selinux-sudo ) - ldap? ( dev-lang/perl ) - pam? ( sys-auth/pambase ) - ${DEPEND}" -DEPEND="${DEPEND} sys-devel/bison" - -S=${WORKDIR}/${MY_P} - -pkg_setup() { - confutils_use_conflict skey pam -} - -src_unpack() { - unpack ${A}; cd "${S}" - - # compatability fix. - epatch "${FILESDIR}"/${PN}-skeychallengeargs.diff - - # additional variables to disallow, should user disable env_reset. - - # NOTE: this is not a supported mode of operation, these variables - # are added to the blacklist as a convenience to administrators - # who fail to heed the warnings of allowing untrusted users - # to access sudo. - # - # there is *no possible way* to foresee all attack vectors in - # all possible applications that could potentially be used via - # sudo, these settings will just delay the inevitable. - # - # that said, I will accept suggestions for variables that can - # be misused in _common_ interpreters or libraries, such as - # perl, bash, python, ruby, etc., in the hope of dissuading - # a casual attacker. - - # XXX: perl should be using suid_perl. - # XXX: users can remove/add more via env_delete and env_check. - # XXX: = probably safe enough for most circumstances. - - einfo "Blacklisting common variables (env_delete)..." - sudo_bad_var() { - local target='env.c' marker='\*initial_badenv_table\[\]' - - ebegin " $1" - sed -i 's#\(^.*'${marker}'.*$\)#\1\n\t"'${1}'",#' "${S}"/${target} - eend $? - } - - sudo_bad_var 'PERLIO_DEBUG' # perl, write debug to file. - sudo_bad_var 'FPATH' # ksh, search path for functions. - sudo_bad_var 'NULLCMD' # zsh, command on null-redir. - sudo_bad_var 'READNULLCMD' # zsh, command on null-redir. - sudo_bad_var 'GLOBIGNORE' # bash, glob paterns to ignore. - sudo_bad_var 'PYTHONHOME' # python, module search path. - sudo_bad_var 'PYTHONPATH' # python, search path. - sudo_bad_var 'PYTHONINSPECT' # python, allow inspection. - sudo_bad_var 'RUBYLIB' # ruby, lib load path. - sudo_bad_var 'RUBYOPT' # ruby, cl options. - sudo_bad_var 'ZDOTDIR' # zsh, path to search for dotfiles. - einfo "...done." - - # prevent binaries from being stripped. - sed -i 's/\($(INSTALL).*\) -s \(.*[(sudo|visudo)]\)/\1 \2/g' Makefile.in - - epatch "${FILESDIR}"/${MY_P}-securepath.patch - - eautoconf -} - -src_compile() { - local line ROOTPATH - - # FIXME: secure_path is a compile time setting. using ROOTPATH - # is not perfect, env-update may invalidate this, but until it - # is available as a sudoers setting this will have to do. - einfo "Setting secure_path..." - - # why not use grep? variable might be expanded from other variables - # declared in that file. cannot just source the file, would override - # any variables already set. - eval `PS4= bash -x /etc/profile.env 2>&1 | \ - while read line; do - case $line in - ROOTPATH=*) echo $line; break;; - *) continue;; - esac - done` && einfo " Found ROOTPATH..." || \ - ewarn " Failed to find ROOTPATH, please report this." - - # remove duplicate path entries from $1 - cleanpath() { - local i=1 x n IFS=: - local -a paths; paths=($1) - - for ((n=${#paths[*]}-1;i<=n;i++)); do - for ((x=0;x&2 - unset paths[i]; continue 2; } - done; # einfo " Adding ${paths[i]}..." 1>&2 - done; echo "${paths[*]}" - } - - ROOTPATH=$(cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}}) - - # strip gcc path (bug #136027) - rmpath() { - declare e newpath oldpath=${!1} PATHvar=$1 thisp IFS=: - shift - for thisp in $oldpath; do - for e; do [[ $thisp == $e ]] && continue 2; done - newpath=$newpath:$thisp - done - eval $PATHvar='${newpath#:}' - } - - rmpath ROOTPATH '*/gcc-bin/*' - - einfo "...done." - - # XXX: --disable-path-info closes an info leak, but may be confusing. - # XXX: /bin/vi may not be available, make nano visudo's default. - econf --with-secure-path="${ROOTPATH}" \ - --with-editor="${EDITOR:-/bin/nano}" \ - --with-env-editor \ - $(use_with offensive insults) \ - $(use_with offensive all-insults) \ - $(use_with pam) \ - $(use_with skey) \ - $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) \ - $(use_with ldap) || die - - emake || die -} - -src_install() { - emake DESTDIR="${D}" install || die - dodoc ChangeLog HISTORY PORTING README TROUBLESHOOTING \ - UPGRADE WHATSNEW sample.sudoers sample.syslog.conf - - if use ldap; then - dodoc README.LDAP schema.OpenLDAP - dosbin sudoers2ldif - - cat - > "${T}"/ldap.conf.sudo < = probably safe enough for most circumstances. - - einfo "Blacklisting common variables (env_delete)..." - sudo_bad_var() { - local target='env.c' marker='\*initial_badenv_table\[\]' - - ebegin " $1" - sed -i 's#\(^.*'${marker}'.*$\)#\1\n\t"'${1}'",#' "${S}"/${target} - eend $? - } - - sudo_bad_var 'PERLIO_DEBUG' # perl, write debug to file. - sudo_bad_var 'FPATH' # ksh, search path for functions. - sudo_bad_var 'NULLCMD' # zsh, command on null-redir. - sudo_bad_var 'READNULLCMD' # zsh, command on null-redir. - sudo_bad_var 'GLOBIGNORE' # bash, glob paterns to ignore. - sudo_bad_var 'PYTHONHOME' # python, module search path. - sudo_bad_var 'PYTHONPATH' # python, search path. - sudo_bad_var 'PYTHONINSPECT' # python, allow inspection. - sudo_bad_var 'RUBYLIB' # ruby, lib load path. - sudo_bad_var 'RUBYOPT' # ruby, cl options. - sudo_bad_var 'ZDOTDIR' # zsh, path to search for dotfiles. - einfo "...done." - - # prevent binaries from being stripped. - sed -i 's/\($(INSTALL).*\) -s \(.*[(sudo|visudo)]\)/\1 \2/g' Makefile.in -} - -src_compile() { - local line ROOTPATH - - # FIXME: secure_path is a compile time setting. using ROOTPATH - # is not perfect, env-update may invalidate this, but until it - # is available as a sudoers setting this will have to do. - einfo "Setting secure_path..." - - # why not use grep? variable might be expanded from other variables - # declared in that file. cannot just source the file, would override - # any variables already set. - eval `PS4= bash -x /etc/profile.env 2>&1 | \ - while read line; do - case $line in - ROOTPATH=*) echo $line; break;; - *) continue;; - esac - done` && einfo " Found ROOTPATH..." || \ - ewarn " Failed to find ROOTPATH, please report this." - - # remove duplicate path entries from $1 - cleanpath() { - local i=1 x n IFS=: - local -a paths; paths=($1) - - for ((n=${#paths[*]}-1;i<=n;i++)); do - for ((x=0;x&2 - unset paths[i]; continue 2; } - done; # einfo " Adding ${paths[i]}..." 1>&2 - done; echo "${paths[*]}" - } - - ROOTPATH=$(cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}}) - - # strip gcc path (bug #136027) - rmpath() { - declare e newpath oldpath=${!1} PATHvar=$1 thisp IFS=: - shift - for thisp in $oldpath; do - for e; do [[ $thisp == $e ]] && continue 2; done - newpath=$newpath:$thisp - done - eval $PATHvar='${newpath#:}' - } - - rmpath ROOTPATH '*/gcc-bin/*' - - einfo "...done." - - # XXX: --disable-path-info closes an info leak, but may be confusing. - econf --with-secure-path="${ROOTPATH}" \ - --with-editor=/usr/libexec/gentoo-editor \ - --with-env-editor \ - $(use_with offensive insults) \ - $(use_with offensive all-insults) \ - $(use_with pam) \ - $(use_with skey) \ - $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) \ - $(use_with ldap) || die - - emake || die -} - -src_install() { - emake DESTDIR="${D}" install || die - dodoc ChangeLog HISTORY PORTING README TROUBLESHOOTING \ - UPGRADE WHATSNEW sample.sudoers sample.syslog.conf - - if use ldap; then - dodoc README.LDAP schema.OpenLDAP - dosbin sudoers2ldif - - cat - > "${T}"/ldap.conf.sudo < = probably safe enough for most circumstances. + + einfo "Blacklisting common variables (env_delete)..." + sudo_bad_var() { + local target='env.c' marker='\*initial_badenv_table\[\]' + + ebegin " $1" + sed -i 's#\(^.*'${marker}'.*$\)#\1\n\t"'${1}'",#' "${S}"/${target} + eend $? + } + + sudo_bad_var 'PERLIO_DEBUG' # perl, write debug to file. + sudo_bad_var 'FPATH' # ksh, search path for functions. + sudo_bad_var 'NULLCMD' # zsh, command on null-redir. + sudo_bad_var 'READNULLCMD' # zsh, command on null-redir. + sudo_bad_var 'GLOBIGNORE' # bash, glob paterns to ignore. + sudo_bad_var 'PYTHONHOME' # python, module search path. + sudo_bad_var 'PYTHONPATH' # python, search path. + sudo_bad_var 'PYTHONINSPECT' # python, allow inspection. + sudo_bad_var 'RUBYLIB' # ruby, lib load path. + sudo_bad_var 'RUBYOPT' # ruby, cl options. + sudo_bad_var 'ZDOTDIR' # zsh, path to search for dotfiles. + einfo "...done." + + # prevent binaries from being stripped. + sed -i 's/\($(INSTALL).*\) -s \(.*[(sudo|visudo)]\)/\1 \2/g' Makefile.in +} + +src_compile() { + local line ROOTPATH + + # FIXME: secure_path is a compile time setting. using ROOTPATH + # is not perfect, env-update may invalidate this, but until it + # is available as a sudoers setting this will have to do. + einfo "Setting secure_path..." + + # why not use grep? variable might be expanded from other variables + # declared in that file. cannot just source the file, would override + # any variables already set. + eval `PS4= bash -x /etc/profile.env 2>&1 | \ + while read line; do + case $line in + ROOTPATH=*) echo $line; break;; + *) continue;; + esac + done` && einfo " Found ROOTPATH..." || \ + ewarn " Failed to find ROOTPATH, please report this." + + # remove duplicate path entries from $1 + cleanpath() { + local i=1 x n IFS=: + local -a paths; paths=($1) + + for ((n=${#paths[*]}-1;i<=n;i++)); do + for ((x=0;x&2 + unset paths[i]; continue 2; } + done; # einfo " Adding ${paths[i]}..." 1>&2 + done; echo "${paths[*]}" + } + + ROOTPATH=$(cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}}) + + # strip gcc path (bug #136027) + rmpath() { + declare e newpath oldpath=${!1} PATHvar=$1 thisp IFS=: + shift + for thisp in $oldpath; do + for e; do [[ $thisp == $e ]] && continue 2; done + newpath=$newpath:$thisp + done + eval $PATHvar='${newpath#:}' + } + + rmpath ROOTPATH '*/gcc-bin/*' + + einfo "...done." + + # XXX: --disable-path-info closes an info leak, but may be confusing. + econf --with-secure-path="${ROOTPATH}" \ + --with-editor=/usr/libexec/gentoo-editor \ + --with-env-editor \ + $(use_with offensive insults) \ + $(use_with offensive all-insults) \ + $(use_with pam) \ + $(use_with skey) \ + $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) \ + $(use_with ldap) || die + + emake || die +} + +src_install() { + emake DESTDIR="${D}" install || die + dodoc ChangeLog HISTORY PORTING README TROUBLESHOOTING \ + UPGRADE WHATSNEW sample.sudoers sample.syslog.conf + + if use ldap; then + dodoc README.LDAP schema.OpenLDAP + dosbin sudoers2ldif + + cat - > "${T}"/ldap.conf.sudo < = probably safe enough for most circumstances. - - einfo "Blacklisting common variables (env_delete)..." - sudo_bad_var() { - local target='env.c' marker='\*initial_badenv_table\[\]' - - ebegin " $1" - sed -i 's#\(^.*'${marker}'.*$\)#\1\n\t"'${1}'",#' "${S}"/${target} - eend $? - } - - sudo_bad_var 'PERLIO_DEBUG' # perl, write debug to file. - sudo_bad_var 'FPATH' # ksh, search path for functions. - sudo_bad_var 'NULLCMD' # zsh, command on null-redir. - sudo_bad_var 'READNULLCMD' # zsh, command on null-redir. - sudo_bad_var 'GLOBIGNORE' # bash, glob paterns to ignore. - sudo_bad_var 'PYTHONHOME' # python, module search path. - sudo_bad_var 'PYTHONPATH' # python, search path. - sudo_bad_var 'PYTHONINSPECT' # python, allow inspection. - sudo_bad_var 'RUBYLIB' # ruby, lib load path. - sudo_bad_var 'RUBYOPT' # ruby, cl options. - sudo_bad_var 'ZDOTDIR' # zsh, path to search for dotfiles. - einfo "...done." - - # prevent binaries from being stripped. - sed -i 's/\($(INSTALL).*\) -s \(.*[(sudo|visudo)]\)/\1 \2/g' Makefile.in -} - -src_compile() { - local line ROOTPATH - - # FIXME: secure_path is a compile time setting. using ROOTPATH - # is not perfect, env-update may invalidate this, but until it - # is available as a sudoers setting this will have to do. - einfo "Setting secure_path..." - - # why not use grep? variable might be expanded from other variables - # declared in that file. cannot just source the file, would override - # any variables already set. - eval `PS4= bash -x /etc/profile.env 2>&1 | \ - while read line; do - case $line in - ROOTPATH=*) echo $line; break;; - *) continue;; - esac - done` && einfo " Found ROOTPATH..." || \ - ewarn " Failed to find ROOTPATH, please report this." - - # remove duplicate path entries from $1 - cleanpath() { - local i=1 x n IFS=: - local -a paths; paths=($1) - - for ((n=${#paths[*]}-1;i<=n;i++)); do - for ((x=0;x&2 - unset paths[i]; continue 2; } - done; # einfo " Adding ${paths[i]}..." 1>&2 - done; echo "${paths[*]}" - } - - ROOTPATH=$(cleanpath /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin${ROOTPATH:+:${ROOTPATH}}) - - # strip gcc path (bug #136027) - rmpath() { - declare e newpath oldpath=${!1} PATHvar=$1 thisp IFS=: - shift - for thisp in $oldpath; do - for e; do [[ $thisp == $e ]] && continue 2; done - newpath=$newpath:$thisp - done - eval $PATHvar='${newpath#:}' - } - - rmpath ROOTPATH '*/gcc-bin/*' - - einfo "...done." - - # XXX: --disable-path-info closes an info leak, but may be confusing. - econf --with-secure-path="${ROOTPATH}" \ - --with-editor=/usr/libexec/gentoo-editor \ - --with-env-editor \ - $(use_with offensive insults) \ - $(use_with offensive all-insults) \ - $(use_with pam) \ - $(use_with skey) \ - $(use_with ldap ldap_conf_file /etc/ldap.conf.sudo) \ - $(use_with ldap) || die - - emake || die -} - -src_install() { - emake DESTDIR="${D}" install || die - dodoc ChangeLog HISTORY PORTING README TROUBLESHOOTING \ - UPGRADE WHATSNEW sample.sudoers sample.syslog.conf - - if use ldap; then - dodoc README.LDAP schema.OpenLDAP - dosbin sudoers2ldif - - cat - > "${T}"/ldap.conf.sudo <