# FreeBSD port of sudo. The distfile for PORTNAME/PORTVERSION is fetched from
# the SUDO master-site group and built with GNU configure.
# NOTE(review): sudo runs with root privileges, so compare the pinned
# PORTVERSION with upstream's current release and security advisories before
# relying on this snapshot. The checksum file that pins the download is not
# part of this Makefile.
PORTNAME=	sudo
PORTVERSION=	1.9.15p3
CATEGORIES=	security
MASTER_SITES=	SUDO

MAINTAINER=	garga@FreeBSD.org
COMMENT=	Allow others to run commands as root
WWW=		https://www.sudo.ws/

LICENSE=	sudo
LICENSE_NAME=	Sudo license
LICENSE_FILE=	${WRKSRC}/LICENSE.md
LICENSE_PERMS=	dist-mirror dist-sell pkg-mirror pkg-sell auto-accept

# "cpe" together with CPE_VENDOR gives the package a CPE identifier, which is
# what vulnerability-matching tools key on.
USES=		cpe libtool pkgconfig
CPE_VENDOR=	todd_miller
USE_LDCONFIG=	yes
GNU_CONFIGURE=	yes
# Compile-time defaults handed to sudo's configure script. These apply to
# every build, whatever options are selected:
#   --with-env-editor   visudo consults the caller's editor environment
#                       variables. Upstream documents that this lets anyone
#                       permitted to run visudo start an arbitrary program as
#                       root, so keep the set of visudo users small.
#   --with-ignore-dot   "." in PATH is ignored when sudo looks up a command.
#   --with-logfac       syslog facility, taken from LOGFAC.
#   --with-rundir       run-time state directory, fixed to /var/run/sudo.
#   --with-tty-tickets  authentication timestamps are kept per terminal.
# NOTE(review): descriptions follow upstream's configure documentation;
# confirm them against the packaged version.
CONFIGURE_ARGS=	--sysconfdir=${PREFIX}/etc \
		--with-env-editor \
		--with-ignore-dot \
		--with-logfac=${LOGFAC} \
		--with-logincap \
		--with-long-otp-prompt \
		--with-rundir=/var/run/sudo \
		--with-tty-tickets
# libgcc is linked explicitly; the reason is not recorded in this file.
LDFLAGS+=	-lgcc

# ignore:1 tells portscout not to track this port, so new upstream releases
# (security releases included) have to be noticed by other means.
PORTSCOUT=	ignore:1

# Build-time options. Only AUDIT, PAM and SSL are enabled by default; every
# other option is opt-in. KERBEROS is a radio group, so at most one of the
# three GSSAPI providers can be selected.
#
# Options that loosen sudo's default behaviour when switched on:
#   DISABLE_AUTH  - authentication is not required by default
#   NOARGS_SHELL  - running sudo with no arguments starts a shell
# DISABLE_ROOT_SUDO goes the other way: it stops root from running sudo.
OPTIONS_DEFINE=		AUDIT DISABLE_AUTH DISABLE_ROOT_SUDO DOCS EXAMPLES \
			INSULTS LDAP NLS NOARGS_SHELL OPIE PAM PYTHON SSL SSSD
OPTIONS_DEFAULT=	AUDIT PAM SSL
OPTIONS_RADIO=		KERBEROS
OPTIONS_RADIO_KERBEROS=	GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
OPTIONS_SUB=		yes

# One-line descriptions shown in the options dialog.
AUDIT_DESC=		Enable BSM audit support
DISABLE_AUTH_DESC=	Do not require authentication by default
DISABLE_ROOT_SUDO_DESC=	Do not allow root to run sudo
INSULTS_DESC=		Enable insults on failures
KERBEROS_DESC=		Enable Kerberos 5 authentication (no PAM support)
NOARGS_SHELL_DESC=	Run a shell if no arguments are given
OPIE_DESC=		Enable one-time passwords (no PAM support)
PYTHON_DESC=		Enable python plugin support
SSL_DESC=		Use OpenSSL TLS and SHA2 functions
SSSD_DESC=		Enable SSSD backend support

# Mapping from each option to the configure flags, framework features and
# dependencies it adds.

# BSM audit support; part of the default option set.
AUDIT_CONFIGURE_WITH=	bsm-audit

# Both flags change sudo's compiled-in policy defaults. DISABLE_AUTH removes
# the default authentication requirement, so a build with it enabled relies
# entirely on sudoers to demand authentication where it is wanted.
DISABLE_AUTH_CONFIGURE_ON=	--disable-authentication
DISABLE_ROOT_SUDO_CONFIGURE_ON=	--disable-root-sudo

# The three Kerberos providers pass identical configure flags; only the
# GSSAPI implementation chosen through USES differs.
GSSAPI_BASE_USES=		gssapi
GSSAPI_BASE_CONFIGURE_ON=	--with-kerb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
GSSAPI_HEIMDAL_USES=		gssapi:heimdal
GSSAPI_HEIMDAL_CONFIGURE_ON=	--with-kerb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
GSSAPI_MIT_USES=		gssapi:mit
GSSAPI_MIT_CONFIGURE_ON=	--with-kerb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}

INSULTS_CONFIGURE_ON=	--with-insults --with-all-insults

# The LDAP client configuration is read from ${PREFIX}/etc/${SUDO_LDAP_CONF}.
# NOTE(review): that file may carry directory bind settings; check its
# ownership and mode on installed systems.
LDAP_USES=		ldap
LDAP_CONFIGURE_ON=	--with-ldap=${PREFIX} \
			--with-ldap-conf-file=${PREFIX}/etc/${SUDO_LDAP_CONF}

NLS_USES=		gettext
NLS_CONFIGURE_ENABLE=	nls
NLS_CFLAGS=		-I${LOCALBASE}/include
NLS_LDFLAGS=		-L${LOCALBASE}/lib -lintl

# With this enabled, sudo run without arguments starts a shell.
NOARGS_SHELL_CONFIGURE_ENABLE=	noargs-shell

OPIE_CONFIGURE_ON=	--with-opie

# PAM cannot be built together with OPIE or any GSSAPI provider; selecting
# one of them alongside PAM is rejected with PAM_PREVENTS_MSG. Because PAM is
# a default option, it has to be deselected before OPIE or Kerberos can be used.
PAM_PREVENTS=		OPIE GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
PAM_PREVENTS_MSG=	PAM cannot be combined with any other authentication plugin
PAM_CONFIGURE_ON=	--with-pam

# Python plugin support; off by default.
PYTHON_USES=		python
PYTHON_CONFIGURE_ENABLE=python

# OpenSSL supplies the TLS and SHA2 functions (see SSL_DESC); on by default.
SSL_USES=		ssl
SSL_CONFIGURE_ON=	--enable-openssl=${OPENSSLBASE}

# SSSD is a run-time dependency only and cannot be combined with Heimdal.
SSSD_PREVENTS=		GSSAPI_HEIMDAL
SSSD_PREVENTS_MSG=	sssd requires MIT kerberos and it conflicts with heimdal
SSSD_RUN_DEPENDS=	sssd:security/sssd
SSSD_CONFIGURE_ON=	--with-sssd

# Defaults that can be overridden on the make command line or in the
# environment: the syslog facility passed to --with-logfac and the file name
# used for --with-ldap-conf-file.
LOGFAC?=		authpriv
SUDO_LDAP_CONF?=	ldap.conf

# This is intentionally not an option.
# SUDO_SECURE_PATH is a PATH string that will override the user's PATH.
# ex: make SUDO_SECURE_PATH="/sbin:/bin:/usr/sbin:/usr/bin"
# When it is not defined, no --with-secure-path flag is passed, so no PATH
# override is compiled in and any restriction has to come from the
# secure_path setting in sudoers.
# The value is passed to configure as given, inside double quotes; it is
# expected to be a plain colon-separated list of directories.
.if defined(SUDO_SECURE_PATH)
CONFIGURE_ARGS+=	--with-secure-path="${SUDO_SECURE_PATH}"
.endif

# This is intentionally not an option.
# SUDO_KERB5_INSTANCE is an optional instance string that will be appended
# to Kerberos principals when performing authentication. Common choices
# are "admin" and "sudo".
# Like SUDO_SECURE_PATH, the value is passed to configure as given.
.if defined(SUDO_KERB5_INSTANCE)
CONFIGURE_ARGS+=	--enable-kerb5-instance="${SUDO_KERB5_INSTANCE}"
.endif

.include <bsd.port.options.mk>

# When the OPIE option is selected on FreeBSD with OSVERSION >= 1400072, OPIE
# is taken from the security/opie port for both building and running.
# NOTE(review): presumably the base system no longer provides OPIE from that
# version on; confirm.
.if ${OPSYS} == FreeBSD && ${OSVERSION} >= 1400072 && ${PORT_OPTIONS:MOPIE}
BUILD_DEPENDS+=	opie>0:security/opie
RUN_DEPENDS+=	opie>0:security/opie
.endif

# On arm, sudo is built without PIE; the reason is not recorded in this file.
# A non-PIE executable is loaded at a fixed address, so address-space
# randomisation does not cover the main binary's own code.
# NOTE(review): confirm that this exception is still needed.
.if ${ARCH} == "arm"
CONFIGURE_ARGS+=	--disable-pie
.endif

# Edits src/Makefile.in after the regular patches are applied. The changes
# are limited to the install-binaries and install-noexec rules, from the
# rule header to the next empty line:
#   - every literal $(INSTALL) gets ${STRIP} appended, so the installed
#     binaries are stripped during installation;
#   - the argument "-b~" is rewritten to "-b ~".
# "$$" is make's escape for a single "$" in the sed script.
post-patch:
	@${REINPLACE_CMD} -E '/install-(binaries|noexec):/,/^$$/ \
		s/\$$\(INSTALL\)/& ${STRIP}/;s/-b\~/-b ~/' \
		${WRKSRC}/src/Makefile.in

# Adjusts the staged tree after upstream's install step:
#   1. installs the port's PAM policy (files/pam.conf) as
#      etc/pam.d/sudo.default; its contents are not shown here and decide how
#      sudo authenticates under PAM, so review that file with this one;
#   2. renames sudo.conf and sudo_logsrvd.conf to *.sample and removes the
#      staged etc/sudoers, so the package carries no live copy of these files
#      (presumably the packing list installs samples that leave an
#      administrator's edited files alone; confirm in pkg-plist);
#   3. strips the installed programs and plugin objects.
post-install:
	${INSTALL_DATA} ${FILESDIR}/pam.conf ${STAGEDIR}${PREFIX}/etc/pam.d/sudo.default
.for conf in sudo.conf sudo_logsrvd.conf
	${MV} ${STAGEDIR}${PREFIX}/etc/${conf} ${STAGEDIR}${PREFIX}/etc/${conf}.sample
.endfor
	${RM} ${STAGEDIR}${PREFIX}/etc/sudoers
.for prog in bin/cvtsudoers bin/sudoreplay libexec/sudo/sudo_intercept.so \
	sbin/sudo_logsrvd sbin/sudo_sendlog sbin/visudo
	${STRIP_CMD} ${STAGEDIR}${PREFIX}/${prog}
.endfor
.for plugin in audit_json.so group_file.so libsudo_util.so sudoers.so system_group.so
	${STRIP_CMD} ${STAGEDIR}${PREFIX}/libexec/sudo/${plugin}
.endfor

# Runs only when the PYTHON option is enabled: strips the Python plugin
# object, which exists only in that configuration.
post-install-PYTHON-on:
	${STRIP_CMD} ${STAGEDIR}${PREFIX}/libexec/sudo/python_plugin.so

.include <bsd.port.mk>