path: root/security/sudo/Makefile
# Created by: erich@rrnet.com

# Port identity: upstream name and version, ports category, and the named
# master-site group the distfile is fetched from.
PORTNAME=	sudo
PORTVERSION=	1.9.11p2
CATEGORIES=	security
MASTER_SITES=	SUDO

MAINTAINER=	garga@FreeBSD.org
COMMENT=	Allow others to run commands as root

# Port-specific license entry; the license text is read from the extracted
# source tree (WRKSRC), and auto-accept means no interactive prompt.
LICENSE=	sudo
LICENSE_NAME=	Sudo license
LICENSE_FILE=	${WRKSRC}/LICENSE.md
LICENSE_PERMS=	dist-mirror dist-sell pkg-mirror pkg-sell auto-accept

# cpe + CPE_VENDOR give the package a CPE vendor string (todd_miller).
# NOTE(review): vulnerability tooling presumably matches advisories on this
# string, so keep it in step with how upstream is listed - confirm.
USES=		cpe libtool
CPE_VENDOR=	todd_miller
USE_LDCONFIG=	yes
GNU_CONFIGURE=	yes
# Links libgcc explicitly; the reason is not recorded in this file.
LDFLAGS+=	-lgcc

# Compile-time defaults handed to sudo's configure script. The meanings
# below follow sudo's configure documentation rather than anything in this
# file; confirm against the INSTALL notes of the version being built.
#   --sysconfdir            configuration files live under ${PREFIX}/etc
#   --with-ignore-dot       "." in the invoking user's PATH is ignored
#   --with-tty-tickets      cached credentials are tracked per terminal
#   --with-env-editor       visudo honours the caller's editor environment
#                           variables; where visudo is delegated to non-root
#                           users, a fixed editor list in sudoers is the
#                           tighter choice
#   --with-logincap         BSD login.conf(5) login-class support
#   --with-long-otp-prompt  one-time-password challenge gets its own line
#   --with-rundir           run-time state is kept in /var/run/sudo
CONFIGURE_ARGS=	--sysconfdir=${PREFIX}/etc \
		--with-ignore-dot \
		--with-tty-tickets \
		--with-env-editor \
		--with-logincap \
		--with-long-otp-prompt \
		--with-rundir=/var/run/sudo

# Build options offered to whoever builds the port. Only AUDIT and PAM are
# enabled by default (OPTIONS_DEFAULT), so a stock build authenticates via
# PAM and carries BSM audit support. DISABLE_AUTH and NOARGS_SHELL change
# sudo's default behaviour (see their descriptions below) and stay off
# unless selected explicitly.
OPTIONS_DEFINE=	LDAP INSULTS DISABLE_ROOT_SUDO DISABLE_AUTH NOARGS_SHELL \
		AUDIT OPIE PAM PYTHON NLS SSSD DOCS EXAMPLES
# KERBEROS is a radio group; its members are listed in
# OPTIONS_RADIO_KERBEROS further down this file.
OPTIONS_RADIO=	KERBEROS
OPTIONS_DEFAULT=	AUDIT PAM
OPTIONS_SUB=	yes

# Descriptions shown for the port-specific options.
INSULTS_DESC=	Enable insults on failures
DISABLE_ROOT_SUDO_DESC=	Do not allow root to run sudo
# Security-sensitive: with this option the built sudo does not ask for
# authentication by default.
DISABLE_AUTH_DESC=	Do not require authentication by default
NOARGS_SHELL_DESC=	Run a shell if no arguments are given
AUDIT_DESC=	Enable BSM audit support
KERBEROS_DESC=	Enable Kerberos 5 authentication (no PAM support)
OPIE_DESC=	Enable one-time passwords (no PAM support)
PYTHON_DESC=	Enable python plugin support
SSSD_DESC=	Enable SSSD backend support.

# PAM is mutually exclusive with OPIE and with every Kerberos choice; the
# message below is what the builder is told when the selection conflicts.
PAM_PREVENTS=	OPIE GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
PAM_PREVENTS_MSG=	PAM cannot be combined with any other authentication plugin

# Syslog facility compiled into sudo. ?= keeps a value already supplied on
# the make command line or in the environment; otherwise authpriv is used.
# NOTE(review): check that the host's syslog configuration sends authpriv to
# a log file that unprivileged users cannot read.
LOGFAC?=	authpriv
CONFIGURE_ARGS+=	--with-logfac=${LOGFAC}

# This is intentionally not an option.
# SUDO_SECURE_PATH is a PATH string that will override the user's PATH.
# ex: make SUDO_SECURE_PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin"
# When SUDO_SECURE_PATH is not defined, no --with-secure-path argument is
# passed at all, so this build compiles in no secure path; any PATH
# restriction then has to come from the sudoers policy (confirm against
# sudoers(5) for the version in use).
.if defined(SUDO_SECURE_PATH)
CONFIGURE_ARGS+=	--with-secure-path="${SUDO_SECURE_PATH}"
.endif

# Per-option settings. Each <OPT>_* variable below takes effect only when
# the option named in its prefix is selected.

# NLS: gettext support, with include and library paths under LOCALBASE.
NLS_USES=	gettext
NLS_CONFIGURE_ENABLE=	nls
NLS_LDFLAGS=	-L${LOCALBASE}/lib -lintl
NLS_CFLAGS=	-I${LOCALBASE}/include

# INSULTS: both insult-related configure flags are passed together.
INSULTS_CONFIGURE_ON=	--with-insults
INSULTS_CONFIGURE_ON+=	--with-all-insults

# LDAP: build against OpenLDAP. The LDAP configuration file name defaults
# to ldap.conf under ${PREFIX}/etc and can be overridden with
# SUDO_LDAP_CONF.
# NOTE(review): if bind credentials are kept in that file, restrict its
# ownership and mode accordingly - nothing in this Makefile does so.
LDAP_USE=	OPENLDAP=yes
LDAP_CONFIGURE_ON=	--with-ldap=${PREFIX}
SUDO_LDAP_CONF?=	ldap.conf
LDAP_CONFIGURE_ON+=	--with-ldap-conf-file=${PREFIX}/etc/${SUDO_LDAP_CONF}

# Behaviour and authentication switches; see the matching *_DESC lines for
# what each one does. DISABLE_AUTH is the security-sensitive one: it builds
# a sudo that does not require authentication by default.
DISABLE_ROOT_SUDO_CONFIGURE_ON=	--disable-root-sudo
DISABLE_AUTH_CONFIGURE_ON=	--disable-authentication
NOARGS_SHELL_CONFIGURE_ENABLE=	noargs-shell
AUDIT_CONFIGURE_WITH=	bsm-audit
PAM_CONFIGURE_ON=	--with-pam
OPIE_CONFIGURE_ON=	--with-opie
PYTHON_USES=	python
PYTHON_CONFIGURE_ENABLE=	python
# SSSD: sssd is a run-time dependency only (no build-time dependency is
# declared here).
SSSD_CONFIGURE_ON=	--with-sssd
SSSD_RUN_DEPENDS=	sssd:security/sssd

# Members of the KERBEROS radio group. All three pass the same configure
# arguments and differ only in the gssapi USES argument. GSSAPIBASEDIR and
# GSSAPI_CONFIGURE_ARGS are not defined in this file (presumably supplied
# by the gssapi USES handling - confirm).
OPTIONS_RADIO_KERBEROS=	GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
GSSAPI_BASE_USES=	gssapi
GSSAPI_BASE_CONFIGURE_ON=	--with-kerb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
GSSAPI_HEIMDAL_USES=	gssapi:heimdal
GSSAPI_HEIMDAL_CONFIGURE_ON=	--with-kerb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
GSSAPI_MIT_USES=	gssapi:mit
GSSAPI_MIT_CONFIGURE_ON=	--with-kerb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
# This is intentionally not an option.
# SUDO_KERB5_INSTANCE is an optional instance string that is appended to
# Kerberos principals when performing authentication. Common choices are
# "admin" and "sudo".
# Note that the argument is added whenever the variable is defined, whether
# or not one of the Kerberos options above is selected.
.if defined(SUDO_KERB5_INSTANCE)
CONFIGURE_ARGS+=	--enable-kerb5-instance="${SUDO_KERB5_INSTANCE}"
.endif

# Option processing is included before ARCH is tested; ARCH is not set in
# this file (presumably provided by the framework include - confirm).
.include <bsd.port.options.mk>

# On ARCH "arm" sudo is configured without PIE.
# NOTE(review): the reason is not recorded here. sudo is normally installed
# setuid root, and a non-PIE executable benefits less from address-space
# layout randomisation, so re-check whether this exception is still needed.
.if ${ARCH} == "arm"
CONFIGURE_ARGS+=	--disable-pie
.endif

# post-patch: edit two upstream Makefile.in templates in place.
#
# 1) src/Makefile.in - on the lines from an "install-binaries:" or
#    "install-noexec:" rule header to the next empty line, append ${STRIP}
#    after each $(INSTALL). The second sed expression carries no address of
#    its own and rewrites "-b~" as "-b ~". ${STRIP} is not defined in this
#    file (framework-provided; presumably the install(1) strip flag -
#    confirm). Each "$$" is make's escape for a literal "$" reaching sed.
#
# 2) plugins/sudoers/Makefile.in - install sudoers2ldif into $(bindir)
#    instead of $(docdir).
#
# Both commands are prefixed with "@", so they are not echoed during the
# build.
post-patch:
	@${REINPLACE_CMD} -E '/install-(binaries|noexec):/,/^$$/ \
		s/\$$\(INSTALL\)/& ${STRIP}/;s/-b\~/-b ~/' \
		${WRKSRC}/src/Makefile.in
	@${REINPLACE_CMD} -e 's,$$(srcdir)/sudoers2ldif $$(DESTDIR)$$(docdir),$$(srcdir)/sudoers2ldif $$(DESTDIR)$$(bindir),' \
		${WRKSRC}/plugins/sudoers/Makefile.in

# post-install: adjust the staged tree under ${STAGEDIR}${PREFIX}.
#  - stage the port's own PAM policy file as etc/pam.d/sudo.default
#  - rename the staged sudo.conf and sudo_logsrvd.conf to *.sample
#  - remove the staged etc/sudoers, so the live policy file is not taken
#    from the stage directory (presumably the packing list ships a sample
#    copy instead - confirm against pkg-plist)
#  - strip the helper programs and the plugin modules
post-install:
	${INSTALL_DATA} ${FILESDIR}/pam.conf ${STAGEDIR}${PREFIX}/etc/pam.d/sudo.default
.for conf in sudo.conf sudo_logsrvd.conf
	${MV} ${STAGEDIR}${PREFIX}/etc/${conf} ${STAGEDIR}${PREFIX}/etc/${conf}.sample
.endfor
	${RM} ${STAGEDIR}${PREFIX}/etc/sudoers
.for prog in bin/cvtsudoers bin/sudoreplay sbin/sudo_logsrvd sbin/sudo_sendlog sbin/visudo
	${STRIP_CMD} ${STAGEDIR}${PREFIX}/${prog}
.endfor
.for plugin in audit_json.so group_file.so libsudo_util.so sample_approval.so sudoers.so system_group.so
	${STRIP_CMD} ${STAGEDIR}${PREFIX}/libexec/sudo/${plugin}
.endfor

# Extra post-install step for builds with the PYTHON option selected (going
# by the target name): strip the Python plugin module, which is not in the
# plugin list handled by the general post-install target.
post-install-PYTHON-on:
	${STRIP_CMD} ${STAGEDIR}${PREFIX}/libexec/sudo/python_plugin.so

.include <bsd.port.mk>