New port: security/doas

The doas program allows users to run commands as another user (usually
root). The doas program was written by the OpenBSD team to provide a
lightweight, simplified (and more secure) alternative to the sudo command.

Original upstream (OpenBSD) source:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/doas/

FreeBSD version: https://github.com/slicer69/doas

NOTE: I added the two patch files to workaround issues mentioned in the PR
about hardcoding of /usr/local.

PR:		210473
Submitted by:	jsmith@resonatingmedia.com
Modified by:	jrm@ftfl.ca (see PR) and me (roberto)

6 files changed, 69 insertions, 0 deletions

diff --git a/security/doas/Makefile b/security/doas/Makefile
new file mode 100644
index 000000000000..4246dafd5c9a
--- /dev/null
+++ b/security/doas/Makefile
@@ -0,0 +1,29 @@
+# $FreeBSD$
+
+PORTNAME=	doas
+PORTVERSION=	5.9
+CATEGORIES=	security
+
+MAINTAINER=	jsmith@resonatingmedia.com
+COMMENT=	Simple sudo alternative to run commands as another user
+
+LICENSE=	ISCL
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	slicer69
+GH_PROJECT=	doas
+GH_TAGNAME=	e6f1456
+
+BINMODE=	4755
+
+SUB_FILES=	pkg-message
+PLIST_FILES=	bin/doas \
+		man/man5/doas.conf.5.gz \
+		man/man1/doas.1.gz
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKSRC}/${PORTNAME} ${STAGEDIR}${PREFIX}/bin
+	${INSTALL_MAN} ${WRKSRC}/doas.1 ${STAGEDIR}${MAN1PREFIX}/man/man1
+	${INSTALL_MAN} ${WRKSRC}/doas.conf.5 ${STAGEDIR}${MAN5PREFIX}/man/man5
+
+.include <bsd.port.mk>
diff --git a/security/doas/distinfo b/security/doas/distinfo
new file mode 100644
index 000000000000..753a8c17a243
--- /dev/null
+++ b/security/doas/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1466641283
+SHA256 (slicer69-doas-5.9-e6f1456_GH0.tar.gz) = 304008cfca04b8825393d3cf50b6085842b36c2668fda81d24bf16e56a042c49
+SIZE (slicer69-doas-5.9-e6f1456_GH0.tar.gz) = 10469
diff --git a/security/doas/files/patch-Makefile b/security/doas/files/patch-Makefile
new file mode 100644
index 000000000000..454df08c8988
--- /dev/null
+++ b/security/doas/files/patch-Makefile
@@ -0,0 +1,11 @@
+--- Makefile.orig	2016-06-22 22:59:03 UTC
++++ Makefile
+@@ -3,7 +3,7 @@ YC?=yacc
+ BIN=doas
+ PREFIX?=/usr/local
+ OBJECTS=doas.o env.o execvpe.o y.tab.o
+-CFLAG+= -DUSE_PAM
++CFLAG+= -DUSE_PAM -DDOAS_CONF=\"${PREFIX}/etc/doas.conf\"
+ LFLAG+= -lpam
+ 
+ all: $(OBJECTS)
diff --git a/security/doas/files/patch-doas.c b/security/doas/files/patch-doas.c
new file mode 100644
index 000000000000..c646109dc1e1
--- /dev/null
+++ b/security/doas/files/patch-doas.c
@@ -0,0 +1,11 @@
+--- doas.c.orig	2016-06-22 22:59:03 UTC
++++ doas.c
+@@ -324,7 +324,7 @@ main(int argc, char **argv)
+ 	int pam_silent = PAM_SILENT;
+ #endif
+ 
+-	parseconfig("/usr/local/etc/doas.conf", 1);
++	parseconfig(DOAS_CONF, 1);
+ 
+ 	/* cmdline is used only for logging, no need to abort on truncate */
+ 	(void) strlcpy(cmdline, argv[0], sizeof(cmdline));
diff --git a/security/doas/files/pkg-message.in b/security/doas/files/pkg-message.in
new file mode 100644
index 000000000000..53362267ea80
--- /dev/null
+++ b/security/doas/files/pkg-message.in
@@ -0,0 +1,9 @@
+============================================================
+To use doas,
+
+%%ETCDIR%%/doas.conf
+
+must be created.
+
+Refer to doas.conf(5).
+============================================================
diff --git a/security/doas/pkg-descr b/security/doas/pkg-descr
new file mode 100644
index 000000000000..b0c3977bd835
--- /dev/null
+++ b/security/doas/pkg-descr
@@ -0,0 +1,6 @@
+This is the FreeBSD port of the OpenBSD "doas" command. The doas program
+allows a regular user to run commands as another user (usually root). The
+doas command is a simplified (hopefully more secure) version of the "sudo"
+command and offers an easier to read/modify configuration.
+
+WWW: https://github.com/slicer69/doas/