diff options
Diffstat (limited to 'poky/meta/recipes-extended/sudo')
4 files changed, 122 insertions, 0 deletions
diff --git a/poky/meta/recipes-extended/sudo/files/sudo.pam b/poky/meta/recipes-extended/sudo/files/sudo.pam new file mode 100644 index 000000000..515eab0c6 --- /dev/null +++ b/poky/meta/recipes-extended/sudo/files/sudo.pam @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth include common-auth +account include common-account +password include common-password +session optional pam_keyinit.so revoke +session required pam_limits.so diff --git a/poky/meta/recipes-extended/sudo/sudo.inc b/poky/meta/recipes-extended/sudo/sudo.inc new file mode 100644 index 000000000..362bd3a2e --- /dev/null +++ b/poky/meta/recipes-extended/sudo/sudo.inc @@ -0,0 +1,46 @@ +SUMMARY = "Provide limited super user privileges to specific users" +DESCRIPTION = "Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments." +HOMEPAGE = "http://www.sudo.ws" +BUGTRACKER = "http://www.sudo.ws/bugs/" +SECTION = "admin" +LICENSE = "ISC & BSD & Zlib" +LIC_FILES_CHKSUM = "file://doc/LICENSE;md5=7765a3d787cb4fed3ccc3c9cee030af9 \ + file://plugins/sudoers/redblack.c;beginline=1;endline=41;md5=805782a8466975716f8376b2be9aedde \ + file://lib/util/reallocarray.c;beginline=3;endline=16;md5=85b0905b795d4d58bf2e00635649eec6 \ + file://lib/util/fnmatch.c;beginline=3;endline=27;md5=67f83ee9bd456557397082f8f1be0efd \ + file://lib/util/getcwd.c;beginline=5;endline=27;md5=449af4cc57fc7d46f42090608ba3e681 \ + file://lib/util/glob.c;beginline=6;endline=31;md5=5872733146b9eb0deb79e1f664815b85 \ + file://lib/util/snprintf.c;beginline=6;endline=34;md5=c82c1b3a5c32e08545c9ec5d71e41e50 \ + file://include/sudo_queue.h;beginline=5;endline=27;md5=449af4cc57fc7d46f42090608ba3e681 \ + file://lib/util/inet_pton.c;beginline=3;endline=17;md5=3970ab0518ab79cbd0bafb697f10b33a" + +inherit autotools + +PACKAGECONFIG ??= "" +PACKAGECONFIG[zlib] = "--enable-zlib,--disable-zlib,zlib" + +CONFFILES_${PN} = "${sysconfdir}/sudoers" + +EXTRA_OECONF = "--with-editor=/bin/vi --with-env-editor" + +EXTRA_OECONF_append_libc-musl = " --disable-hardening " + +# mksigname/mksiglist are used on build host to generate source files +do_compile_prepend () { + # Remove build host references from sudo_usage.h + sed -i \ + -e 's,--with-libtool-sysroot=${STAGING_DIR_TARGET},,g' \ + -e 's,--build=${BUILD_SYS},,g' \ + -e 's,--host=${HOST_SYS},,g' \ + ${B}/src/sudo_usage.h + oe_runmake SSP_CFLAGS="" SSP_LDFLAGS="" CC="$BUILD_CC" CFLAGS="$BUILD_CFLAGS" CPPFLAGS="$BUILD_CPPFLAGS -I${S}/include -I${S} -I${B}" -C lib/util mksigname mksiglist +} + +# Explicitly create ${localstatedir}/lib before do_install to ensure +# the directory is accessible by all users. Otherwise the mkinstalldirs +# script (from sudo) will recursively create ${localstatedir}/lib/sudo +# and then chmod each directory with 0700 permissions, which isn't what +# we want (i.e, users would not be able to access /var/lib). +do_install_prepend (){ + mkdir -p ${D}/${localstatedir}/lib +} diff --git a/poky/meta/recipes-extended/sudo/sudo/0001-Include-sys-types.h-for-id_t-definition.patch b/poky/meta/recipes-extended/sudo/sudo/0001-Include-sys-types.h-for-id_t-definition.patch new file mode 100644 index 000000000..eb36cd49b --- /dev/null +++ b/poky/meta/recipes-extended/sudo/sudo/0001-Include-sys-types.h-for-id_t-definition.patch @@ -0,0 +1,34 @@ +From 386e2c2fa2ab2e02ef71c268a57205139be329ab Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Mon, 31 Aug 2015 07:07:49 +0000 +Subject: [PATCH] Include sys/types.h for id_t definition + +/sudo_util.h:219:14: error: unknown type name 'id_t' + __dso_public id_t sudo_strtoid_v1(const char *str, const char *sep, + char **endp, const char **errstr); + ^ + make[1]: *** [preserve_fds.o] Error 1 + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- +Upstream-Status: Pending + + include/sudo_util.h | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/include/sudo_util.h b/include/sudo_util.h +index 89c9f89..ac0855a 100644 +--- a/include/sudo_util.h ++++ b/include/sudo_util.h +@@ -17,6 +17,8 @@ + #ifndef SUDO_UTIL_H + #define SUDO_UTIL_H + ++#include <sys/types.h> ++ + #ifdef HAVE_STDBOOL_H + # include <stdbool.h> + #else +-- +2.5.1 + diff --git a/poky/meta/recipes-extended/sudo/sudo_1.8.22.bb b/poky/meta/recipes-extended/sudo/sudo_1.8.22.bb new file mode 100644 index 000000000..91501781b --- /dev/null +++ b/poky/meta/recipes-extended/sudo/sudo_1.8.22.bb @@ -0,0 +1,36 @@ +require sudo.inc + +SRC_URI = "http://ftp.sudo.ws/sudo/dist/sudo-${PV}.tar.gz \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ + file://0001-Include-sys-types.h-for-id_t-definition.patch \ + " + +PAM_SRC_URI = "file://sudo.pam" + +SRC_URI[md5sum] = "24abdea48db4c5abcd410167c801cc8c" +SRC_URI[sha256sum] = "7256cb27c20883b14360eddbd17f98922073d104b214cf65aeacf1d9c9b9fd02" + +DEPENDS += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" +RDEPENDS_${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}" + +EXTRA_OECONF += " \ + ac_cv_type_rsize_t=no \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--enable-tmpfiles.d=${libdir}/tmpfiles.d', '--disable-tmpfiles.d', d)} \ + " + +do_install_append () { + if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then + install -D -m 644 ${WORKDIR}/sudo.pam ${D}/${sysconfdir}/pam.d/sudo + fi + + chmod 4111 ${D}${bindir}/sudo + chmod 0440 ${D}${sysconfdir}/sudoers + + # Explicitly remove the ${localstatedir}/run directory to avoid QA error + rmdir -p --ignore-fail-on-non-empty ${D}${localstatedir}/run/sudo +} + +FILES_${PN} += "${libdir}/tmpfiles.d" +FILES_${PN}-dev += "${libexecdir}/${BPN}/lib*${SOLIBSDEV} ${libexecdir}/${BPN}/*.la \ + ${libexecdir}/lib*${SOLIBSDEV} ${libexecdir}/*.la" |