[update] security/sudo to 1.9.1

Todd C . Miller Fri, 19 Jun 2020 13:45:17 -0700

Starting with sudo 1.9.0, sudo ships with a log server for storing
centralized I/O (session) logs.  It also has the ability to use
plugins written in Python.  I've converted it to a multi-package
port so people who are not interested in those additions don't need
to install them.


This is the first time I've done anything with multi-packages so
I'd appreciate it if someone could give this a look and let me know
if I've done anything wrong.

I have tested the packages both with and without the gettext and
ldap flavors.

Thanks!

 - todd

Index: security/sudo/Makefile
===================================================================
RCS file: /cvs/ports/security/sudo/Makefile,v
retrieving revision 1.38
diff -u -p -u -r1.38 Makefile
--- security/sudo/Makefile      30 Jan 2020 18:47:11 -0000      1.38
+++ security/sudo/Makefile      19 Jun 2020 20:19:06 -0000
@@ -1,18 +1,22 @@
 # $OpenBSD: Makefile,v 1.38 2020/01/30 18:47:11 millert Exp $
 
-COMMENT=       execute a command as another user
+COMMENT-main=  execute a command as another user
+COMMENT-logsrv=        sudo I/O log server
+COMMENT-python=        sudo Python plugin
 
-DISTNAME=      sudo-1.8.31
+V=             1.9.1
+DISTNAME=      sudo-${V}
 CATEGORIES=    security
 
+PKGNAME-main=  sudo-${V}
+PKGNAME-logsrv=        sudo-logsrv-${V}
+PKGNAME-python=        sudo-python-${V}
+
 MAINTAINER=    Todd C. Miller <mill...@openbsd.org>
 
 # ISC-style license
 PERMIT_PACKAGE=        Yes
 
-WANTLIB+=      c util z
-
-
 HOMEPAGE=      https://www.sudo.ws/
 
 MASTER_SITES=  https://www.sudo.ws/dist/ \
@@ -27,24 +31,55 @@ CONFIGURE_ARGS+=    --with-insults \
                        --with-logfac=authpriv \
                        --with-libtool=system \
                        --disable-path-info \
+                       --enable-openssl \
                        --enable-zlib=system
 
 SHARED_LIBS=   sudo_util       0.0
 
+PSEUDO_FLAVORS=        no_python
 FLAVORS=       gettext ldap
 FLAVOR?=
 
-.if ${FLAVOR:Mldap}
+# There are (up to) three sub-packages.  The python sub-package
+# can be disabled by the no_python pseudo-flavor, see below.
+MULTI_PACKAGES=        -main -logsrv
+RUN_DEPENDS-logsrv=    ${BASE_PKGPATH},-main
+RUN_DEPENDS-python=    ${BASE_PKGPATH},-main ${MODPY_RUN_DEPENDS}
+MODPY_RUNDEP=  No
+
+# All sub-packages depend on these libraries
+WANTLIB=       c util z crypto ssl
+
+# The gettext flavor influences LIB_DEPENDS and WANTLIB for all sub-packages
+.if ${FLAVOR:Mgettext}
+CONFIGURE_ARGS +=      --enable-nls=${LOCALBASE}
+LIB_DEPENDS+=          devel/gettext,-runtime
+WANTLIB+=              iconv intl
+.else
+CONFIGURE_ARGS +=      --disable-nls
+.endif
+
+# It is now safe to set sub-package WANTLIB and LIB_DEPENDS
+WANTLIB-main=          ${WANTLIB}
+WANTLIB-logsrv=                ${WANTLIB}
+WANTLIB-python=                ${WANTLIB}
+LIB_DEPENDS-main=      ${LIB_DEPENDS}
+LIB_DEPENDS-logsrv=    ${LIB_DEPENDS}
+LIB_DEPENDS-python=    ${LIB_DEPENDS}
+
+.if ${FLAVOR:L:Mldap}
 CONFIGURE_ARGS+=       --with-ldap=${LOCALBASE}
-LIB_DEPENDS+=          databases/openldap
-WANTLIB+=              crypto lber-2.4 ldap-2.4 sasl2 ssl
+LIB_DEPENDS-main+=     databases/openldap
+WANTLIB-main+=         lber-2.4 ldap-2.4 sasl2
 .endif
-.if ${FLAVOR:Mgettext}
-CONFIGURE_ARGS += --enable-nls=${LOCALBASE}
-LIB_DEPENDS+=  devel/gettext,-runtime
-WANTLIB+=      iconv intl
+
+.if ${FLAVOR:L:Mno_python}
+CONFIGURE_ARGS+=       --disable-python
 .else
-CONFIGURE_ARGS += --disable-nls
+MULTI_PACKAGES+=       -python
+CONFIGURE_ARGS+=       --enable-python
+MODULES=               lang/python
+MODPY_VERSION=         ${MODPY_DEFAULT_VERSION_3}
 .endif
 
 # Don't set owner on install in fake mode
Index: security/sudo/distinfo
===================================================================
RCS file: /cvs/ports/security/sudo/distinfo,v
retrieving revision 1.29
diff -u -p -u -r1.29 distinfo
--- security/sudo/distinfo      30 Jan 2020 18:47:11 -0000      1.29
+++ security/sudo/distinfo      19 Jun 2020 18:41:00 -0000
@@ -1,2 +1,2 @@
-SHA256 (sudo-1.8.31.tar.gz) = fqjZejzuTIROCIfqehvYDrVMyY/XeWZ3bLGoBlOtRU8=
-SIZE (sudo-1.8.31.tar.gz) = 3350674
+SHA256 (sudo-1.9.1.tar.gz) = KUEWzv4QoCdzkX/HRA2DhLkllVvJam4Oqhl3yDs0rf8=
+SIZE (sudo-1.9.1.tar.gz) = 3834744
Index: security/sudo/pkg/DESCR
===================================================================
RCS file: security/sudo/pkg/DESCR
diff -N security/sudo/pkg/DESCR
--- security/sudo/pkg/DESCR     22 Jun 2015 15:52:16 -0000      1.1.1.1
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,6 +0,0 @@
-Sudo (su "do") allows a system administrator to delegate authority
-to give certain users (or groups of users) the ability to run some
-(or all) commands as root or another user while providing an audit
-trail of the commands and their arguments.
-
-Sudo is free software, distributed under an ISC-style license.
Index: security/sudo/pkg/DESCR-logsrv
===================================================================
RCS file: security/sudo/pkg/DESCR-logsrv
diff -N security/sudo/pkg/DESCR-logsrv
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ security/sudo/pkg/DESCR-logsrv      19 Jun 2020 19:10:11 -0000
@@ -0,0 +1,4 @@
+The sudo logserver, sudo_logsrvd, can be used to centralize storage
+of sudo event and I/O (session) logs.  I/O Logs created by sudo_logsrvd
+can be replayed via the sudoreplay utility in the same way as logs
+generated directly by the sudoers plugin.
Index: security/sudo/pkg/DESCR-main
===================================================================
RCS file: security/sudo/pkg/DESCR-main
diff -N security/sudo/pkg/DESCR-main
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ security/sudo/pkg/DESCR-main        19 Jun 2020 20:32:16 -0000
@@ -0,0 +1,4 @@
+Sudo (su "do") allows a system administrator to delegate authority
+to give certain users (or groups of users) the ability to run some
+(or all) commands as root or another user while providing an audit
+trail of the commands and their arguments.
Index: security/sudo/pkg/DESCR-python
===================================================================
RCS file: security/sudo/pkg/DESCR-python
diff -N security/sudo/pkg/DESCR-python
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ security/sudo/pkg/DESCR-python      19 Jun 2020 19:11:01 -0000
@@ -0,0 +1,3 @@
+The sudo Python plugin can be used to write sudo 1.9 plugins in
+Python instead of C.  The API closely follows the C sudo plugin API
+described by sudo_plugin(5).
Index: security/sudo/pkg/PFRAG.gettext
===================================================================
RCS file: security/sudo/pkg/PFRAG.gettext
diff -N security/sudo/pkg/PFRAG.gettext
--- security/sudo/pkg/PFRAG.gettext     10 Jul 2015 15:16:03 -0000      1.1
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,53 +0,0 @@
-@comment $OpenBSD: PFRAG.gettext,v 1.1 2015/07/10 15:16:03 espie Exp $
-share/locale/ca/LC_MESSAGES/sudo.mo
-share/locale/ca/LC_MESSAGES/sudoers.mo
-share/locale/cs/LC_MESSAGES/sudo.mo
-share/locale/cs/LC_MESSAGES/sudoers.mo
-share/locale/da/LC_MESSAGES/sudo.mo
-share/locale/da/LC_MESSAGES/sudoers.mo
-share/locale/de/LC_MESSAGES/sudo.mo
-share/locale/de/LC_MESSAGES/sudoers.mo
-share/locale/el/LC_MESSAGES/sudoers.mo
-share/locale/eo/LC_MESSAGES/sudo.mo
-share/locale/eo/LC_MESSAGES/sudoers.mo
-share/locale/es/LC_MESSAGES/sudo.mo
-share/locale/eu/LC_MESSAGES/sudo.mo
-share/locale/eu/LC_MESSAGES/sudoers.mo
-share/locale/fi/LC_MESSAGES/sudo.mo
-share/locale/fi/LC_MESSAGES/sudoers.mo
-share/locale/fr/LC_MESSAGES/sudo.mo
-share/locale/fr/LC_MESSAGES/sudoers.mo
-share/locale/gl/LC_MESSAGES/sudo.mo
-share/locale/hr/LC_MESSAGES/sudo.mo
-share/locale/hr/LC_MESSAGES/sudoers.mo
-share/locale/it/LC_MESSAGES/sudo.mo
-share/locale/it/LC_MESSAGES/sudoers.mo
-share/locale/ja/LC_MESSAGES/sudo.mo
-share/locale/ja/LC_MESSAGES/sudoers.mo
-share/locale/lt/
-share/locale/lt/LC_MESSAGES/
-share/locale/lt/LC_MESSAGES/sudoers.mo
-share/locale/nb/LC_MESSAGES/sudo.mo
-share/locale/nb/LC_MESSAGES/sudoers.mo
-share/locale/nl/LC_MESSAGES/sudo.mo
-share/locale/nl/LC_MESSAGES/sudoers.mo
-share/locale/pl/LC_MESSAGES/sudo.mo
-share/locale/pl/LC_MESSAGES/sudoers.mo
-share/locale/pt_BR/LC_MESSAGES/sudo.mo
-share/locale/pt_BR/LC_MESSAGES/sudoers.mo
-share/locale/ru/LC_MESSAGES/sudo.mo
-share/locale/ru/LC_MESSAGES/sudoers.mo
-share/locale/sl/LC_MESSAGES/sudo.mo
-share/locale/sl/LC_MESSAGES/sudoers.mo
-share/locale/sr/LC_MESSAGES/sudo.mo
-share/locale/sr/LC_MESSAGES/sudoers.mo
-share/locale/sv/LC_MESSAGES/sudo.mo
-share/locale/sv/LC_MESSAGES/sudoers.mo
-share/locale/tr/LC_MESSAGES/sudo.mo
-share/locale/tr/LC_MESSAGES/sudoers.mo
-share/locale/uk/LC_MESSAGES/sudo.mo
-share/locale/uk/LC_MESSAGES/sudoers.mo
-share/locale/vi/LC_MESSAGES/sudo.mo
-share/locale/vi/LC_MESSAGES/sudoers.mo
-share/locale/zh_CN/LC_MESSAGES/sudo.mo
-share/locale/zh_CN/LC_MESSAGES/sudoers.mo
Index: security/sudo/pkg/PFRAG.gettext-main
===================================================================
RCS file: security/sudo/pkg/PFRAG.gettext-main
diff -N security/sudo/pkg/PFRAG.gettext-main
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ security/sudo/pkg/PFRAG.gettext-main        10 Jul 2015 15:16:03 -0000
@@ -0,0 +1,53 @@
+@comment $OpenBSD: PFRAG.gettext,v 1.1 2015/07/10 15:16:03 espie Exp $
+share/locale/ca/LC_MESSAGES/sudo.mo
+share/locale/ca/LC_MESSAGES/sudoers.mo
+share/locale/cs/LC_MESSAGES/sudo.mo
+share/locale/cs/LC_MESSAGES/sudoers.mo
+share/locale/da/LC_MESSAGES/sudo.mo
+share/locale/da/LC_MESSAGES/sudoers.mo
+share/locale/de/LC_MESSAGES/sudo.mo
+share/locale/de/LC_MESSAGES/sudoers.mo
+share/locale/el/LC_MESSAGES/sudoers.mo
+share/locale/eo/LC_MESSAGES/sudo.mo
+share/locale/eo/LC_MESSAGES/sudoers.mo
+share/locale/es/LC_MESSAGES/sudo.mo
+share/locale/eu/LC_MESSAGES/sudo.mo
+share/locale/eu/LC_MESSAGES/sudoers.mo
+share/locale/fi/LC_MESSAGES/sudo.mo
+share/locale/fi/LC_MESSAGES/sudoers.mo
+share/locale/fr/LC_MESSAGES/sudo.mo
+share/locale/fr/LC_MESSAGES/sudoers.mo
+share/locale/gl/LC_MESSAGES/sudo.mo
+share/locale/hr/LC_MESSAGES/sudo.mo
+share/locale/hr/LC_MESSAGES/sudoers.mo
+share/locale/it/LC_MESSAGES/sudo.mo
+share/locale/it/LC_MESSAGES/sudoers.mo
+share/locale/ja/LC_MESSAGES/sudo.mo
+share/locale/ja/LC_MESSAGES/sudoers.mo
+share/locale/lt/
+share/locale/lt/LC_MESSAGES/
+share/locale/lt/LC_MESSAGES/sudoers.mo
+share/locale/nb/LC_MESSAGES/sudo.mo
+share/locale/nb/LC_MESSAGES/sudoers.mo
+share/locale/nl/LC_MESSAGES/sudo.mo
+share/locale/nl/LC_MESSAGES/sudoers.mo
+share/locale/pl/LC_MESSAGES/sudo.mo
+share/locale/pl/LC_MESSAGES/sudoers.mo
+share/locale/pt_BR/LC_MESSAGES/sudo.mo
+share/locale/pt_BR/LC_MESSAGES/sudoers.mo
+share/locale/ru/LC_MESSAGES/sudo.mo
+share/locale/ru/LC_MESSAGES/sudoers.mo
+share/locale/sl/LC_MESSAGES/sudo.mo
+share/locale/sl/LC_MESSAGES/sudoers.mo
+share/locale/sr/LC_MESSAGES/sudo.mo
+share/locale/sr/LC_MESSAGES/sudoers.mo
+share/locale/sv/LC_MESSAGES/sudo.mo
+share/locale/sv/LC_MESSAGES/sudoers.mo
+share/locale/tr/LC_MESSAGES/sudo.mo
+share/locale/tr/LC_MESSAGES/sudoers.mo
+share/locale/uk/LC_MESSAGES/sudo.mo
+share/locale/uk/LC_MESSAGES/sudoers.mo
+share/locale/vi/LC_MESSAGES/sudo.mo
+share/locale/vi/LC_MESSAGES/sudoers.mo
+share/locale/zh_CN/LC_MESSAGES/sudo.mo
+share/locale/zh_CN/LC_MESSAGES/sudoers.mo
Index: security/sudo/pkg/PLIST
===================================================================
RCS file: security/sudo/pkg/PLIST
diff -N security/sudo/pkg/PLIST
--- security/sudo/pkg/PLIST     31 Dec 2019 21:54:25 -0000      1.7
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,47 +0,0 @@
-@comment $OpenBSD: PLIST,v 1.7 2019/12/31 21:54:25 millert Exp $
-@bin bin/cvtsudoers
-@mode 04555
-@bin bin/sudo
-@mode
-bin/sudoedit
-@bin bin/sudoreplay
-include/sudo_plugin.h
-libexec/sudo/
-libexec/sudo/group_file.la
-@so libexec/sudo/group_file.so
-libexec/sudo/libsudo_util.la
-@lib libexec/sudo/libsudo_util.so.${LIBsudo_util_VERSION}
-libexec/sudo/sudo_noexec.la
-@so libexec/sudo/sudo_noexec.so
-libexec/sudo/sudoers.la
-@so libexec/sudo/sudoers.so
-libexec/sudo/system_group.la
-@so libexec/sudo/system_group.so
-@man man/man1/cvtsudoers.1
-@man man/man5/sudo.conf.5
-@man man/man5/sudoers.5
-@man man/man5/sudoers_timestamp.5
-@man man/man8/sudo.8
-@man man/man8/sudo_plugin.8
-@man man/man8/sudoedit.8
-@man man/man8/sudoreplay.8
-@man man/man8/visudo.8
-@bin sbin/visudo
-share/doc/sudo/
-share/doc/sudo/CONTRIBUTORS
-share/doc/sudo/ChangeLog
-share/doc/sudo/HISTORY
-share/doc/sudo/LICENSE
-share/doc/sudo/NEWS
-share/doc/sudo/README
-share/doc/sudo/TROUBLESHOOTING
-share/doc/sudo/UPGRADE
-share/examples/sudo/
-share/examples/sudo/sudo.conf
-share/examples/sudo/sudoers
-share/examples/sudo/sudoers.OpenBSD
-@mode 0440
-@sample ${SYSCONFDIR}/sudoers
-@mode
-share/examples/sudo/syslog.conf
-%%gettext%%
Index: security/sudo/pkg/PLIST-logsrv
===================================================================
RCS file: security/sudo/pkg/PLIST-logsrv
diff -N security/sudo/pkg/PLIST-logsrv
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ security/sudo/pkg/PLIST-logsrv      19 Jun 2020 20:24:42 -0000
@@ -0,0 +1,10 @@
+@comment $OpenBSD: PLIST-logsrv,v$
+@rcscript ${RCDIR}/sudo_logsrvd
+@man man/man5/sudo_logsrv.proto.5
+@man man/man5/sudo_logsrvd.conf.5
+@man man/man8/sudo_logsrvd.8
+@man man/man8/sudo_sendlog.8
+@bin sbin/sudo_logsrvd
+@bin sbin/sudo_sendlog
+share/examples/sudo/sudo_logsrvd.conf
+@sample ${SYSCONFDIR}/sudo_logsrvd.conf
Index: security/sudo/pkg/PLIST-main
===================================================================
RCS file: security/sudo/pkg/PLIST-main
diff -N security/sudo/pkg/PLIST-main
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ security/sudo/pkg/PLIST-main        19 Jun 2020 19:12:11 -0000
@@ -0,0 +1,52 @@
+@comment $OpenBSD: PLIST,v 1.7 2019/12/31 21:54:25 millert Exp $
+@bin bin/cvtsudoers
+@mode 04555
+@bin bin/sudo
+@mode
+bin/sudoedit
+@bin bin/sudoreplay
+include/sudo_plugin.h
+libexec/sudo/
+libexec/sudo/audit_json.la
+@so libexec/sudo/audit_json.so
+libexec/sudo/group_file.la
+@so libexec/sudo/group_file.so
+libexec/sudo/libsudo_util.la
+@lib libexec/sudo/libsudo_util.so.${LIBsudo_util_VERSION}
+libexec/sudo/sample_approval.la
+@so libexec/sudo/sample_approval.so
+libexec/sudo/sudo_noexec.la
+@so libexec/sudo/sudo_noexec.so
+libexec/sudo/sudoers.la
+@so libexec/sudo/sudoers.so
+libexec/sudo/system_group.la
+@so libexec/sudo/system_group.so
+@man man/man1/cvtsudoers.1
+@man man/man5/sudo.conf.5
+@man man/man5/sudoers.5
+@man man/man5/sudoers_timestamp.5
+@man man/man8/sudo.8
+@man man/man8/sudo_plugin.8
+@man man/man8/sudoedit.8
+@man man/man8/sudoreplay.8
+@man man/man8/visudo.8
+@bin sbin/visudo
+share/doc/sudo/
+share/doc/sudo/CONTRIBUTORS
+share/doc/sudo/ChangeLog
+share/doc/sudo/HISTORY
+share/doc/sudo/LICENSE
+share/doc/sudo/NEWS
+share/doc/sudo/README
+share/doc/sudo/TROUBLESHOOTING
+share/doc/sudo/UPGRADE
+share/examples/sudo/
+share/examples/sudo/sudo.conf
+share/examples/sudo/sudoers
+share/examples/sudo/sudoers.OpenBSD
+@mode 0440
+@sample ${SYSCONFDIR}/sudoers
+@mode
+@sample ${SYSCONFDIR}/sudo.conf
+share/examples/sudo/syslog.conf
+%%gettext%%
Index: security/sudo/pkg/PLIST-python
===================================================================
RCS file: security/sudo/pkg/PLIST-python
diff -N security/sudo/pkg/PLIST-python
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ security/sudo/pkg/PLIST-python      19 Jun 2020 20:24:42 -0000
@@ -0,0 +1,11 @@
+@comment $OpenBSD: PLIST-python,v$
+libexec/sudo/python_plugin.la
+@so libexec/sudo/python_plugin.so
+@man man/man8/sudo_plugin_python.8
+share/examples/sudo/example_approval_plugin.py
+share/examples/sudo/example_audit_plugin.py
+share/examples/sudo/example_conversation.py
+share/examples/sudo/example_debugging.py
+share/examples/sudo/example_group_plugin.py
+share/examples/sudo/example_io_plugin.py
+share/examples/sudo/example_policy_plugin.py
Index: security/sudo/pkg/sudo_logsrvd.rc
===================================================================
RCS file: security/sudo/pkg/sudo_logsrvd.rc
diff -N security/sudo/pkg/sudo_logsrvd.rc
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ security/sudo/pkg/sudo_logsrvd.rc   19 Jun 2020 19:54:06 -0000
@@ -0,0 +1,9 @@
+#!/bin/ksh
+#
+# $OpenBSD$
+
+daemon="${TRUEPREFIX}/sbin/sudo_logsrvd"
+
+. /etc/rc.d/rc.subr
+
+rc_cmd $1

[update] security/sudo to 1.9.1

Reply via email to